Class: Y2Firewall::Firewalld::Zone

Inherits:
Object
  • Object
Extended by:
Relations, Yast::I18n
Includes:
Yast::I18n, Yast::Logger
Defined in:
library/network/src/lib/y2firewall/firewalld/zone.rb

Overview

Class to work with Firewalld zones

Constant Summary

KNOWN_ZONES =

Map of known zone names and descriptions

{
  "block"    => N_("Block Zone"),
  "dmz"      => N_("Demilitarized Zone"),
  "drop"     => N_("Drop Zone"),
  "external" => N_("External Zone"),
  "home"     => N_("Home Zone"),
  "internal" => N_("Internal Zone"),
  "public"   => N_("Public Zone"),
  "trusted"  => N_("Trusted Zone"),
  "work"     => N_("Work Zone")
}.freeze

Methods included from Relations

enable_modifications_cache, has_attributes, has_many

Constructor Details

#initialize(name: nil) ⇒ Zone

Constructor

If a :name is given it is used as the zone name. Otherwise, the default zone name will be used as fallback.

Parameters:

  • name (String) (defaults to: nil)

    zone name



# File 'library/network/src/lib/y2firewall/firewalld/zone.rb', line 67

def initialize(name: nil)
  @name = name || api.default_zone
  relations.each { |r| public_send("#{r}=", []) }
end

Instance Attribute Details

#name ⇒ String

Returns Zone name.

Returns:

  • (String)

    Zone name



# File 'library/network/src/lib/y2firewall/firewalld/zone.rb', line 57

def name
  @name
end

Class Method Details

.known_zones ⇒ Object



# File 'library/network/src/lib/y2firewall/firewalld/zone.rb', line 72

def self.known_zones
  KNOWN_ZONES
end

Instance Method Details

#add_interface!(interface) ⇒ Object

Overrides the relation method to be more defensive. An interface can only belong to one zone, and the change method removes it before adding it.

Parameters:

  • interface (String)

    interface name



# File 'library/network/src/lib/y2firewall/firewalld/zone.rb', line 137

def add_interface!(interface)
  api.change_interface(name, interface)
end

#apply_changes! ⇒ Object

Apply all the changes in firewalld but do not reload it



# File 'library/network/src/lib/y2firewall/firewalld/zone.rb', line 95

def apply_changes!
  return true unless modified?

  apply_relations_changes!
  apply_attributes_changes!
  if modified?(:masquerade)
    masquerade? ? api.add_masquerade(name) : api.remove_masquerade(name)
  end
  untouched!

  true
end

#change_interface(interface) ⇒ Object

Assigns the interface to the zone, first removing it from any other zone that included it.

Parameters:

  • interface (String)

    interface name



# File 'library/network/src/lib/y2firewall/firewalld/zone.rb', line 145

def change_interface(interface)
  firewalld.zones.each { |z| z.remove_interface(interface) }
  add_interface(interface)
end
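
The one-zone-per-interface rule behind #change_interface, shown as an added example that is not part of the yast code base: ToyZone and ToyFirewall are hypothetical in-memory stand-ins that call no firewalld API. The toy add_interface deliberately permits a duplicate assignment so that the check can show the state the remove-then-add order prevents.

```ruby
# Stand-in model added for illustration; not Y2Firewall code. ToyZone and
# ToyFirewall are hypothetical names, and no firewalld API is called.
class ToyZone
  attr_reader :name, :interfaces
  def initialize(name, firewall)
    @name = name
    @firewall = firewall
    @interfaces = []
  end

  # Plain add: ignores other zones, so it can leave the interface in two.
  def add_interface(interface)
    @interfaces << interface unless @interfaces.include?(interface)
  end
  def remove_interface(interface)
    @interfaces.delete(interface)
  end

  # Same order as the documented method: detach everywhere, then attach here.
  def change_interface(interface)
    @firewall.zones.each { |z| z.remove_interface(interface) }
    add_interface(interface)
  end
end

class ToyFirewall
  attr_reader :zones
  def initialize(names)
    @zones = names.map { |n| ToyZone.new(n, self) }
  end

  # Review check: any interface listed in more than one zone.
  def conflicting_interfaces
    owners = Hash.new { |h, k| h[k] = [] }
    zones.each { |z| z.interfaces.each { |i| owners[i] << z.name } }
    owners.select { |_iface, names| names.size > 1 }
  end
end

# Constructed sample: eth0 is added to two zones, then reassigned.
def demo
  fw = ToyFirewall.new(%w[public internal])
  public_zone, internal_zone = fw.zones
  public_zone.add_interface("eth0")
  internal_zone.add_interface("eth0") # naive add: eth0 now in both zones
  before = fw.conflicting_interfaces
  internal_zone.change_interface("eth0")
  [before, fw.conflicting_interfaces, public_zone.interfaces]
end
```
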

#full_name ⇒ String

Full name of the zone, taken from the map of known zones. Useful when the API is not accessible or when it makes sense not to call it directly to obtain the full name.

Returns:

  • (String)

    zone full name



# File 'library/network/src/lib/y2firewall/firewalld/zone.rb', line 90

def full_name
  self.class.known_zones[name]
end

#masquerade=(enable) ⇒ Boolean

Setter method for enabling masquerading.

Parameters:

  • enable (Boolean)

    true for enable; false for disable

Returns:

  • (Boolean)

    whether it is enabled or not



# File 'library/network/src/lib/y2firewall/firewalld/zone.rb', line 80

def masquerade=(enable)
  modified!(:masquerade)
  @masquerade = enable || false
end

#read ⇒ Object

Read and modify the state of the object with the current firewalld configuration for this zone.



# File 'library/network/src/lib/y2firewall/firewalld/zone.rb', line 115

def read
  return unless firewalld.installed?

  read_relations
  @masquerade = api.masquerade_enabled?(name)
  untouched!

  true
end

#reload! ⇒ Object

Convenience method which reloads the changes applied to firewalld



# File 'library/network/src/lib/y2firewall/firewalld/zone.rb', line 109

def reload!
  api.reload
end

#service_open?(service) ⇒ Boolean

Return whether a service is present in the list of services or not

Parameters:

  • service (String)

    name of the service to check

Returns:

  • (Boolean)

    true if the given service name is part of services



# File 'library/network/src/lib/y2firewall/firewalld/zone.rb', line 129

def service_open?(service)
  services.include?(service)
end