Class: Yast::FirewalldWrapperClass
- Inherits: Module (Object > Module > Yast::FirewalldWrapperClass)
- Includes: Logger
- Defined in: library/network/src/modules/firewalld_wrapper.rb
Overview
This module adds support for handling firewalld configuration; it is mainly a firewalld wrapper. It is intended to be used mostly by YaST modules written in Perl, such as yast-dns-server.
Constant Summary
- VALID_PROTOCOLS = ["udp", "tcp", "sctp", "dccp"].freeze
Instance Method Summary
- #add_port(port_or_range, protocol, interface) ⇒ Object
  Add the port or range of ports with the given protocol to the zone the interface belongs to.
- #all_known_interfaces ⇒ Array<Hash>
  Return an array with all the known (sysconfig configured) firewalld interfaces.
- #initialize ⇒ FirewalldWrapperClass (constructor)
  A new instance of FirewalldWrapperClass.
- #is_enabled ⇒ Boolean
  Check whether the firewalld service is enabled or not.
- #is_modified ⇒ Boolean
  Return true if the logging config or any of the zones were modified since read.
- #is_service_in_zone(service, zone_name) ⇒ Boolean
  Check if the service belongs to the zone.
- #modify_interface_services(services, interfaces, status) ⇒ Object
  Sets the status for several services on several network interfaces.
- #read ⇒ Object
  Convenience method for calling firewalld.read.
- #remove_port(port_or_range, protocol, interface) ⇒ Object
  Remove the port or range of ports with the given protocol from the zone the interface belongs to.
- #write ⇒ Object
  Convenience method for calling firewalld.write.
- #write_only ⇒ Object
  Convenience method for calling firewalld.write_only.
- #zone_name_of_interface(interface) ⇒ String
  Evaluate the zone name of an interface.
Constructor Details
#initialize ⇒ FirewalldWrapperClass
Returns a new instance of FirewalldWrapperClass.
```ruby
# File 'library/network/src/modules/firewalld_wrapper.rb', line 37

def initialize
  super
  Yast.import "PortAliases"
  Yast.import "PortRanges"
end
```
Instance Method Details
#add_port(port_or_range, protocol, interface) ⇒ Object
Add the port or range of ports with the given protocol to the zone the interface belongs to. The port can be either a number or a known service name.

```ruby
# File 'library/network/src/modules/firewalld_wrapper.rb', line 72

def add_port(port_or_range, protocol, interface)
  return false unless valid_port?(port_or_range)
  return false unless supported_protocol?(protocol)

  zone = interface_zone(interface)
  return false unless zone

  port = "#{port_or_range.sub(":", "-")}/#{protocol.downcase}"
  zone.add_port(port)
end
```
#all_known_interfaces ⇒ Array<Hash>
Return an array with all the known (sysconfig configured) firewalld interfaces.
```ruby
# File 'library/network/src/modules/firewalld_wrapper.rb', line 153

def all_known_interfaces
  Y2Firewall::Firewalld::Interface.known.map do |interface|
    { "id" => interface.name, "zone" => zone_name_of_interface(interface.name),
      "name" => interface.device_name }
  end
end
```
#is_enabled ⇒ Boolean
Check whether the firewalld service is enabled or not.

```ruby
# File 'library/network/src/modules/firewalld_wrapper.rb', line 111

def is_enabled
  firewalld.enabled?
end
```
#is_modified ⇒ Boolean
Return true if the logging config or any of the zones were modified since read.

```ruby
# File 'library/network/src/modules/firewalld_wrapper.rb', line 119

def is_modified
  firewalld.modified?
end
```
#is_service_in_zone(service, zone_name) ⇒ Boolean
Check if the service belongs to the zone
```ruby
# File 'library/network/src/modules/firewalld_wrapper.rb', line 141

def is_service_in_zone(service, zone_name)
  zone = firewalld.find_zone(zone_name)
  return false unless zone

  zone.services.include?(service)
end
```
#modify_interface_services(services, interfaces, status) ⇒ Object
Sets the status for several services on several network interfaces.

```ruby
# File 'library/network/src/modules/firewalld_wrapper.rb', line 165

def modify_interface_services(services, interfaces, status)
  interfaces.each do |interface|
    zone = interface_zone(interface)
    next unless zone

    if status
      services.each { |service| zone.add_service(service) }
    else
      services.each { |service| zone.remove_service(service) }
    end
  end
end
```
#read ⇒ Object
Convenience method for calling firewalld.read
```ruby
# File 'library/network/src/modules/firewalld_wrapper.rb', line 45

def read
  firewalld.read
end
```
#remove_port(port_or_range, protocol, interface) ⇒ Object
Remove the port or range of ports with the given protocol from the zone the interface belongs to. The port can be either a number or a known service name.

```ruby
# File 'library/network/src/modules/firewalld_wrapper.rb', line 97

def remove_port(port_or_range, protocol, interface)
  return false unless valid_port?(port_or_range)
  return false unless supported_protocol?(protocol)

  zone = interface_zone(interface)
  return false unless zone

  port = "#{port_or_range.sub(":", "-")}/#{protocol.downcase}"
  zone.remove_port(port)
end
```
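The following stand-alone Ruby sketch is an added example, not part of the YaST sources. It mirrors the guard order that add_port and remove_port share: validate the inputs, resolve the zone, then normalize "low:high" to "low-high/protocol" before anything touches the firewall. FakeZone, numeric_port_or_range? and open_port are hypothetical names, and the validation rules are assumptions standing in for the wrapper's valid_port? and supported_protocol? helpers, whose bodies are not shown on this page (service names are left out of the sketch).

```ruby
# Added illustration; only VALID_PROTOCOLS is taken from the page.
VALID_PROTOCOLS = ["udp", "tcp", "sctp", "dccp"].freeze

# Stand-in for a firewalld zone object: records the port specs it receives.
class FakeZone
  attr_reader :ports

  def initialize
    @ports = []
  end

  def add_port(spec)
    @ports << spec unless @ports.include?(spec)
    true
  end
end

# Assumed validation: a single port or a "low:high" range within 1..65535.
def numeric_port_or_range?(value)
  return false unless value.is_a?(String)
  return false unless value =~ /\A(\d{1,5})(?::(\d{1,5}))?\z/

  low = Regexp.last_match(1).to_i
  high = (Regexp.last_match(2) || low).to_i
  low.between?(1, 65_535) && high.between?(low, 65_535)
end

# Same guard order as add_port: reject bad input before building the spec.
def open_port(zone, port_or_range, protocol)
  return false unless numeric_port_or_range?(port_or_range)
  return false unless protocol.is_a?(String) && VALID_PROTOCOLS.include?(protocol.downcase)
  return false unless zone

  zone.add_port("#{port_or_range.sub(":", "-")}/#{protocol.downcase}")
end

zone = FakeZone.new
# Constructed sample inputs: two valid requests, four that must be refused.
RESULTS = [
  open_port(zone, "8000:8100", "TCP"),  # range, upper-case protocol
  open_port(zone, "53", "udp"),         # single port
  open_port(zone, "53", "icmp"),        # protocol not in VALID_PROTOCOLS
  open_port(zone, "0:70000", "tcp"),    # bounds outside 1..65535
  open_port(zone, "22; reboot", "tcp"), # not a port specification
  open_port(nil, "22", "tcp")           # interface without a zone
].freeze
OPENED = zone.ports.freeze
```

Only the two valid requests reach the zone, as "8000-8100/tcp" and "53/udp"; every rejected input returns false without changing the recorded ports.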
#write ⇒ Object
Convenience method for calling firewalld.write
```ruby
# File 'library/network/src/modules/firewalld_wrapper.rb', line 50

def write
  firewalld.write
end
```
#write_only ⇒ Object
Convenience method for calling firewalld.write_only
```ruby
# File 'library/network/src/modules/firewalld_wrapper.rb', line 55

def write_only
  firewalld.write_only
end
```
#zone_name_of_interface(interface) ⇒ String
Evaluate the zone name of an interface
```ruby
# File 'library/network/src/modules/firewalld_wrapper.rb', line 128

def zone_name_of_interface(interface)
  zone = interface_zone(interface)
  return nil unless zone

  zone.name
end
```