Class: Y2Firewall::Firewalld

Inherits:
Object
  • Object
Extended by:
Forwardable
Includes:
Singleton, Yast::Logger
Defined in:
library/network/src/lib/y2firewall/firewalld.rb,
library/network/src/lib/y2firewall/firewalld/api.rb,
library/network/src/lib/y2firewall/firewalld/zone.rb,
library/network/src/lib/y2firewall/firewalld/service.rb,
library/network/src/lib/y2firewall/firewalld/api/zones.rb,
library/network/src/lib/y2firewall/firewalld/relations.rb,
library/network/src/lib/y2firewall/firewalld/zone_parser.rb,
library/network/src/lib/y2firewall/firewalld/api/services.rb

Overview

Main class to interact with Firewalld

Examples:

Enable the cluster service in the external zone


require "y2firewall/firewalld"

# Fetch the singleton and load the current firewalld configuration
firewalld = Y2Firewall::Firewalld.instance
firewalld.read
# Look up the zone and list the services currently attached to it
external_zone = firewalld.find_zone("external")
external_zone.services #=> ["ssh", "dns", "samba-client"]
# Add the service to the zone, then apply the pending changes
external_zone.add_service("cluster")
firewalld.write

Defined Under Namespace

Modules: Relations Classes: Api, Error, Service, Zone, ZoneParser

Constant Summary collapse

PACKAGE =
"firewalld".freeze
SERVICE =
"firewalld".freeze

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize ⇒ Firewalld

Constructor



# File 'library/network/src/lib/y2firewall/firewalld.rb', line 73

# Constructor
#
# Starts with empty service and zone lists, a fresh Api object and the
# configuration flagged as not read yet.
def initialize
  @services = []
  @zones = []
  @api = Api.new
  @read = false
end

Instance Attribute Details

#api ⇒ Object

Returns Y2Firewall::Firewalld::Api instance

Returns:

  • Y2Firewall::Firewalld::Api instance



# File 'library/network/src/lib/y2firewall/firewalld.rb', line 54

# Accessor for the API object stored in @api.
#
# @return [Y2Firewall::Firewalld::Api] the Api instance
def api
  @api
end

#default_zone ⇒ String

Returns firewalld default zone name

Returns:

  • (String)

    firewalld default zone name



# File 'library/network/src/lib/y2firewall/firewalld.rb', line 65

# Accessor for the default zone name stored in @default_zone.
#
# @return [String] firewalld default zone name
def default_zone
  @default_zone
end

#log_denied_packets ⇒ String

Possible values are: all, unicast, broadcast, multicast and off

Returns:

  • (String)

    Type of log denied packets (reject & drop rules).



# File 'library/network/src/lib/y2firewall/firewalld.rb', line 63

# Accessor for the log-denied setting stored in @log_denied_packets.
# Possible values are: all, unicast, broadcast, multicast and off.
#
# @return [String] type of log denied packets (reject & drop rules)
def log_denied_packets
  @log_denied_packets
end

#services ⇒ Array<Y2Firewall::Firewalld::Service>

To avoid performance problems the list is empty by default, and the services are added when needed by the find_service method.

Returns:



# File 'library/network/src/lib/y2firewall/firewalld.rb', line 60

# Accessor for the list of services stored in @services.
#
# @return [Array<Y2Firewall::Firewalld::Service>] the services held so far
def services
  @services
end

#zones ⇒ Array<Y2Firewall::Firewalld::Zone>

Returns firewalld zones

Returns:



# File 'library/network/src/lib/y2firewall/firewalld.rb', line 56

# Accessor for the list of zones stored in @zones.
#
# @return [Array<Y2Firewall::Firewalld::Zone>] firewalld zones
def zones
  @zones
end

Instance Method Details

#enabled? ⇒ Boolean

Check whether the firewalld service is enabled or not

Returns:

  • (Boolean)

    true if it is enabled; false otherwise



# File 'library/network/src/lib/y2firewall/firewalld.rb', line 177

# Check whether the firewalld service is enabled.
#
# @return [Boolean] false when the package is not installed; otherwise the
#   result of Yast::Service.Enabled for the firewalld service
def enabled?
  installed? ? Yast::Service.Enabled(SERVICE) : false
end

#export ⇒ Hash

Return a map with current firewalld settings.

Returns:

  • (Hash)

    dump firewalld settings



# File 'library/network/src/lib/y2firewall/firewalld.rb', line 154

# Return a map with the current firewalld settings.
#
# @return [Hash] the firewalld settings keyed by string; an empty hash when
#   the package is not installed
def export
  return {} unless installed?

  # Keys are filled in a fixed order so the dump keeps the same layout.
  settings = {}
  settings["enable_firewall"] = enabled?
  settings["start_firewall"] = running?
  settings["default_zone"] = default_zone
  settings["log_denied_packets"] = log_denied_packets
  settings["zones"] = zones.map { |zone| zone.export }
  settings
end

#find_service(name) ⇒ Y2Firewall::Firewalld::Service

Return the service from the services list that matches the given name. If the list does not contain it yet, the service is read with read_service.

Parameters:

  • name (String)

    the service name

Returns:



# File 'library/network/src/lib/y2firewall/firewalld.rb', line 108

# Return the service with the given name, reading it on demand.
#
# @param name [String] the service name
# @return [Y2Firewall::Firewalld::Service] the entry from the services list,
#   or the result of read_service when the list has no match
def find_service(name)
  known = services.find { |service| service.name == name }
  known || read_service(name)
end

#find_zone(name) ⇒ Y2Firewall::Firewalld::Zone?

Return the zone from the zones list that matches the given name

Parameters:

  • name (String)

    the zone name

Returns:



# File 'library/network/src/lib/y2firewall/firewalld.rb', line 99

# Return the zone from the zones list whose name matches the given one.
#
# @param name [String] the zone name
# @return [Y2Firewall::Firewalld::Zone, nil] the matching zone; nil when no
#   zone in the list has that name
def find_zone(name)
  zones.find do |zone|
    zone.name == name
  end
end

#installed? ⇒ Boolean

Return whether the firewalld package is installed or not

Returns:

  • (Boolean)

    true if it is installed; false otherwise



# File 'library/network/src/lib/y2firewall/firewalld.rb', line 168

# Return whether the firewalld package is installed.
#
# Only a positive answer is remembered in @installed; while it is falsy the
# package system is asked again on every call.
#
# @return [Boolean] true if it is installed; false otherwise
def installed?
  if @installed
    true
  else
    @installed = Yast::PackageSystem.Installed(PACKAGE)
  end
end

#modified? ⇒ Boolean

Return true if the logging config or any of the zones were modified since read

Returns:

  • (Boolean)

    true if the config was modified; false otherwise



# File 'library/network/src/lib/y2firewall/firewalld.rb', line 131

# Tell whether the in-memory settings differ from what the API reports.
#
# The default zone and the log-denied setting are compared with the values
# returned by the API; zones are asked through their own modified? method.
#
# @return [Boolean] true if the config was modified; false otherwise
def modified?
  return true if default_zone != api.default_zone
  return true if log_denied_packets != api.log_denied_packets

  zones.any? { |zone| zone.modified? }
end

#read ⇒ Boolean

Read the current firewalld configuration, initializing the zones and other attributes such as logging.

Returns:

  • (Boolean)

    true if the configuration was read; false if firewalld is not installed



# File 'library/network/src/lib/y2firewall/firewalld.rb', line 84

# Read the current firewalld configuration: the zones, the log-denied
# setting and the default zone are taken from the API.
#
# @return [Boolean] true after reading; false when firewalld is not installed
def read
  return false unless installed?

  zone_entries = api.zones
  zone_listing = api.list_all_zones
  @zones = ZoneParser.new(zone_entries, zone_listing).parse
  @log_denied_packets = api.log_denied_packets
  @default_zone = api.default_zone
  # Services are deliberately left out: loading them takes time, hurts
  # performance, and they are rarely touched.
  @read = true
end

#read? ⇒ Boolean

Return whether the configuration has been read

Returns:

  • (Boolean)

    true if the configuration has been read; false otherwise



# File 'library/network/src/lib/y2firewall/firewalld.rb', line 214

# Return whether the configuration has been read, as recorded in @read.
#
# @return [Boolean] true if the configuration has been read; false otherwise
def read?
  @read
end

#read_service(name) ⇒ Y2Firewall::Firewalld::Service

Reads the configuration of the given service, or creates it from scratch if it does not exist. After reading, the service is added to the list of touched services.

Parameters:

  • name (String)

    the service name

Returns:

Raises:

  • (Service::NotFound)

    if firewalld is not installed or the service is not supported



# File 'library/network/src/lib/y2firewall/firewalld.rb', line 117

# Read the configuration of the given service and add it to the services
# list.
#
# @param name [String] the service name
# @return [Y2Firewall::Firewalld::Service] the service that was read
# @raise [Service::NotFound] if firewalld is not installed or the service
#   reports that it is not supported
def read_service(name)
  raise Service::NotFound, name unless installed?

  Y2Firewall::Firewalld::Service.new(name: name).tap do |service|
    raise Service::NotFound, name unless service.supported?

    service.read
    @services << service
  end
end

#restart ⇒ Boolean

Restart the firewalld service

Returns:

  • (Boolean)

    true if it has been restarted; false otherwise



# File 'library/network/src/lib/y2firewall/firewalld.rb', line 186

# Restart the firewalld service.
#
# @return [Boolean] false when the package is not installed; otherwise the
#   result of Yast::Service.Restart for the firewalld service
def restart
  installed? ? Yast::Service.Restart(SERVICE) : false
end

#start ⇒ Boolean

Start the firewalld service

Returns:

  • (Boolean)

    true if it has been started; false otherwise



# File 'library/network/src/lib/y2firewall/firewalld.rb', line 204

# Start the firewalld service.
#
# Nothing is started, and false is returned, when the package is not
# installed or the service is already running.
#
# @return [Boolean] false in the cases above; otherwise the result of
#   Yast::Service.Start for the firewalld service
def start
  return false unless installed? && !running?

  Yast::Service.Start(SERVICE)
end

#stop ⇒ Boolean

Stop the firewalld service

Returns:

  • (Boolean)

    true if it has been stopped; false otherwise



# File 'library/network/src/lib/y2firewall/firewalld.rb', line 195

# Stop the firewalld service.
#
# Nothing is stopped, and false is returned, when the package is not
# installed or the service is not running.
#
# @return [Boolean] false in the cases above; otherwise the result of
#   Yast::Service.Stop for the firewalld service
def stop
  return false unless installed? && running?

  Yast::Service.Stop(SERVICE)
end

#write ⇒ Object

Apply the changes to the modified zones, set the logging option and the default zone, and then call reload



# File 'library/network/src/lib/y2firewall/firewalld.rb', line 138

# Apply the pending changes with write_only and, when that succeeds, call
# reload.
#
# @return [Object] the falsy result of write_only when nothing was written;
#   otherwise whatever reload returns
def write
  written = write_only
  written && reload
end

#write_only ⇒ Object

Apply the changes to the modified zones and set the logging option and the default zone, without reloading



# File 'library/network/src/lib/y2firewall/firewalld.rb', line 143

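# Apply the pending changes of every modified zone and hand the log-denied
# setting and the default zone to the API when they differ from the values
# the API reports. This method does not call reload.
#
# A setting that is still nil is never pushed. Both attributes stay nil
# until something assigns them (read does), so without this guard a write
# issued before any read would hand nil to the API setters.
# NOTE(review): how the API setters treat nil is not visible here - confirm.
#
# @return [Boolean] true once the changes were handed to the API; false when
#   firewalld is not installed
def write_only
  return false unless installed?

  zones.each { |zone| zone.apply_changes! if zone.modified? }

  if !log_denied_packets.nil? && log_denied_packets != api.log_denied_packets
    api.log_denied_packets = log_denied_packets
  end
  if !default_zone.nil? && default_zone != api.default_zone
    api.default_zone = default_zone
  end

  true
end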