Class: Yast::FirewalldWrapperClass

Inherits:

Module

• Object
• Module
• Yast::FirewalldWrapperClass

Includes:

Logger

Defined in:

library/network/src/modules/firewalld_wrapper.rb

Overview

This module add support for handling firewalld configuration and it is mainly a firewalld wrapper. It is inteded to be used mostly by YaST modules written in Perl like yast-dns-server.

Constant Summary

VALID_PROTOCOLS =

["udp", "tcp", "sctp", "dccp"].freeze

Instance Method Summary

• #add_port(port_or_range, protocol, interface) ⇒ Object

  Add the port or range of ports with the given protocol to the zone the interface belongs to.

• #all_known_interfaces ⇒ Array<Hash>

  Return an array with all the known (sysconfig configured) firewalld interfaces.

• #initialize ⇒ FirewalldWrapperClass constructor

  A new instance of FirewalldWrapperClass.

• #is_enabled ⇒ Boolean

  Check whether the firewalld service is enable or not.

• #is_modified ⇒ Boolean

  Return true if the logging config or any of the zones where modified since read.

• #is_service_in_zone(service, zone_name) ⇒ Boolean

  Check if the service belongs to the zone.

• #modify_interface_services(services, interfaces, status) ⇒ Object

  sets status for several services on several network interfaces.

• #read ⇒ Object

  Convenience method for calling firewalld.read.

• #remove_port(port_or_range, protocol, interface) ⇒ Object

  Remove the port or range of ports with the given protocol to the zone the interface belongs to.

• #write ⇒ Object

  Convenience method for calling firewalld.write.

• #write_only ⇒ Object

  Convenience method for calling firewalld.write_only.

• #zone_name_of_interface(interface) ⇒ String

  Evaluate the zone name of an interface.

Constructor Details

#initialize ⇒ FirewalldWrapperClass

Returns a new instance of FirewalldWrapperClass.

# File 'library/network/src/modules/firewalld_wrapper.rb', line 37

def initialize
  super

  Yast.import "PortAliases"
  Yast.import "PortRanges"
end

Instance Method Details

#add_port(port_or_range, protocol, interface) ⇒ Object

Add the port or range of ports with the given protocol to the zone the interface belongs to. The port can be either a number or known service name.

interface zone; the port can be either a number or a known service name

Examples:

FirewalldWrapper.add_port("80", "TCP", "eth0")
FirewalldWrapper.add_port("8080:8090", "TCP", "eth0")
FirewalldWrapper.add_port("nameserver", "UDP", "eth0")

Parameters:

• port_or_range (String) —

  port or range of ports to be added to the

• protocol (String) —

  port protocol

• interface (String) —

  interface name

# File 'library/network/src/modules/firewalld_wrapper.rb', line 72

def add_port(port_or_range, protocol, interface)
  return false unless valid_port?(port_or_range)
  return false unless supported_protocol?(protocol)

  zone = interface_zone(interface)
  return false unless zone

  port = "#{port_or_range.sub(":", "-")}/#{protocol.downcase}"
  zone.add_port(port)
end

#all_known_interfaces ⇒ Array<Hash>

Return an array with all the known (sysconfig configured) firewalld interfaces.

Returns:

• (Array<Hash>) —

  known interfaces e.g. [{ "id":"eth0", "name":"Askey 815C", "zone":"EXT"} , ... ]

# File 'library/network/src/modules/firewalld_wrapper.rb', line 153

def all_known_interfaces
  Y2Firewall::Firewalld::Interface.known.map do |interface|
    { "id" => interface.name, "zone" => zone_name_of_interface(interface.name),
      "name" => interface.device_name }
  end
end

#is_enabled ⇒ Boolean

Check whether the firewalld service is enable or not

Returns:

• (Boolean) —

  true if it is enable; false otherwise

# File 'library/network/src/modules/firewalld_wrapper.rb', line 111

def is_enabled
  firewalld.enabled?
end

#is_modified ⇒ Boolean

Return true if the logging config or any of the zones where modified since read

Returns:

• (Boolean) —

  true if the config was modified; false otherwise

# File 'library/network/src/modules/firewalld_wrapper.rb', line 119

def is_modified
  firewalld.modified?
end

#is_service_in_zone(service, zone_name) ⇒ Boolean

Check if the service belongs to the zone

Parameters:

• service (String) —

  service name

• zone (String) —

  zone name

Returns:

• (Boolean) —

  true if service is in zone

# File 'library/network/src/modules/firewalld_wrapper.rb', line 141

def is_service_in_zone(service, zone_name)
  zone = firewalld.find_zone(zone_name)
  return false unless zone

  zone.services.include?(service)
end

#modify_interface_services(services, interfaces, status) ⇒ Object

sets status for several services on several network interfaces.

Parameters:

• list (string) —

  service ids

• list (string) —

  network interfaces

• boolean —

  new status of services

# File 'library/network/src/modules/firewalld_wrapper.rb', line 165

def modify_interface_services(services, interfaces, status)
  interfaces.each do |interface|
    zone = interface_zone(interface)
    next unless zone

    if status
      services.each { |service| zone.add_service(service) }
    else
      services.each { |service| zone.remove_service(service) }
    end
  end
end

#read ⇒ Object

Convenience method for calling firewalld.read

# File 'library/network/src/modules/firewalld_wrapper.rb', line 45

def read
  firewalld.read
end

#remove_port(port_or_range, protocol, interface) ⇒ Object

Remove the port or range of ports with the given protocol to the zone the interface belongs to. The port can be either a number or known service name.

the interface zone; the port can be either a number or a known service name

Examples:

FirewalldWrapper.remove_port("80", "TCP", "eth0")
FirewalldWrapper.remove_port("8080:8090", "TCP", "eth0")
FirewalldWrapper.remove_port("nameserver", "UDP", "eth0")

Parameters:

• port_or_range (String) —

  port or range of ports to be removed from

• protocol (String) —

  port protocol

• interface (String) —

  interface name

# File 'library/network/src/modules/firewalld_wrapper.rb', line 97

def remove_port(port_or_range, protocol, interface)
  return false unless valid_port?(port_or_range)
  return false unless supported_protocol?(protocol)

  zone = interface_zone(interface)
  return false unless zone

  port = "#{port_or_range.sub(":", "-")}/#{protocol.downcase}"
  zone.remove_port(port)
end

#write ⇒ Object

Convenience method for calling firewalld.write

# File 'library/network/src/modules/firewalld_wrapper.rb', line 50

def write
  firewalld.write
end

#write_only ⇒ Object

Convenience method for calling firewalld.write_only

# File 'library/network/src/modules/firewalld_wrapper.rb', line 55

def write_only
  firewalld.write_only
end

#zone_name_of_interface(interface) ⇒ String

Evaluate the zone name of an interface

Parameters:

• interface (String) —

  interface name

Returns:

• (String) —

  zone name (nil; not found)

# File 'library/network/src/modules/firewalld_wrapper.rb', line 128

def zone_name_of_interface(interface)
  zone = interface_zone(interface)
  return nil unless zone

  zone.name
end