Class: Y2Firewall::Firewalld

Inherits:
Object
  • Object
show all
Extended by:
Forwardable, Relations
Includes:
Singleton, Yast::Logger
Defined in:
library/network/src/lib/y2firewall/firewalld.rb,
library/network/src/lib/y2firewall/firewalld/api.rb,
library/network/src/lib/y2firewall/firewalld/zone.rb,
library/network/src/lib/y2firewall/firewalld/service.rb,
library/network/src/lib/y2firewall/firewalld/api/zones.rb,
library/network/src/lib/y2firewall/firewalld/interface.rb,
library/network/src/lib/y2firewall/firewalld/relations.rb,
library/network/src/lib/y2firewall/firewalld/zone_reader.rb,
library/network/src/lib/y2firewall/firewalld/api/services.rb,
library/network/src/lib/y2firewall/firewalld/service_reader.rb

Overview

Main class to interact with Firewalld

Examples:

Enable the cluster service into the external zone


require "y2firewall/firewalld"

f = Y2Firewall::Firewalld.instance
f.read
external = f.find_zone("external")
external.services #=> ["ssh", "dns", "samba-client"]
external.add_service("cluster")
f.write

Defined Under Namespace

Modules: Relations Classes: Api, Error, Interface, Service, ServiceReader, Zone, ZoneReader

Constant Summary collapse

PACKAGE =
"firewalld".freeze
SERVICE =
"firewalld".freeze
DEFAULT_ZONE =
"public".freeze
DEFAULT_LOG =
"off".freeze
DEFAULTS_DIR =
"/usr/lib/firewalld".freeze
CUSTOM_DIR =
"/etc/firewalld".freeze

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from Relations

enable_modifications_cache, has_attributes, has_many

Constructor Details

#initializeFirewalld

Constructor


79
80
81
82
83
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 79

def initialize
  load_defaults
  untouched!
  @read = false
end

Instance Attribute Details

#apiY2Firewall::Firewalld::Api

Convenience method to instantiate the firewalld API


259
260
261
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 259

def api
  @api ||= Api.new
end

#current_service_namesArray<String>

Returns current service names.

Returns:

  • (Array<String>)

    current service names.


62
63
64
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 62

def current_service_names
  @current_service_names
end

#current_zone_namesArray<String>

Returns current zone names.

Returns:

  • (Array<String>)

    current zone names.


60
61
62
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 60

def current_zone_names
  @current_zone_names
end

#servicesArray<Y2Firewall::Firewalld::Service>

Returns firewalld services. To avoid performance problems it is empty by default and the services are added when needed by the find_service method.

Returns:

  • (Array<Y2Firewall::Firewalld::Service>)

    firewalld services. To avoid performance problems it is empty by default and the services are added when needed by the find_service method.


66
67
68
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 66

def services
  @services
end

#zonesArray<Y2Firewall::Firewalld::Zone>

Returns firewalld zones.

Returns:


58
59
60
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 58

def zones
  @zones
end

Instance Method Details

#add_zone(name) ⇒ Boolean

Given a zone name it will add a new Zone to the current list of defined ones just in case it does not exist yet.

Parameters:

  • name (String)

    zone name

Returns:

  • (Boolean)

    true if the new zone was added; false in case the zone was alredy defined


118
119
120
121
122
123
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 118

def add_zone(name)
  return false if find_zone(name)

  zones << Y2Firewall::Firewalld::Zone.new(name: name)
  true
end

#apply_zones_changes!Object

Apply the changes done in each of the modified zones. It will create or delete all the new or removed zones depending on each case.


193
194
195
196
197
198
199
200
201
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 193

def apply_zones_changes!
  zones.each do |zone|
    api.create_zone(zone.name) unless current_zone_names.include?(zone.name)
    zone.apply_changes! if zone.modified?
  end
  current_zone_names.each do |name|
    api.delete_zone(name) if zones.none? { |z| z.name == name }
  end
end

#enabled?Boolean

Check whether the firewalld service is enable or not

Returns:

  • (Boolean)

    true if it is enable; false otherwise


215
216
217
218
219
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 215

def enabled?
  return false unless installed?

  Yast::Service.Enabled(SERVICE)
end

#find_service(name) ⇒ Y2Firewall::Firewalld::Service

Return from the services list the one which matches the given name

Parameters:

  • name (String)

    the service name

Returns:


148
149
150
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 148

def find_service(name)
  services.find { |s| s.name == name } || read_service(name)
end

#find_zone(name) ⇒ Y2Firewall::Firewalld::Zone?

Return from the zones list the one which matches the given name

Parameters:

  • name (String)

    the zone name

Returns:


139
140
141
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 139

def find_zone(name)
  zones.find { |z| z.name == name }
end

#installed?Boolean

Return whether the firewalld package is installed or not

Returns:

  • (Boolean)

    true if it is installed; false otherwise


206
207
208
209
210
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 206

def installed?
  return true if @installed

  @installed = Yast::PackageSystem.Installed(PACKAGE)
end

#modified?(*item) ⇒ Boolean

Return true if the logging config or any of the zones were modified since read

Returns:

  • (Boolean)

    true if the config was modified; false otherwise


169
170
171
172
173
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 169

def modified?(*item)
  return modified.include?(item.first) if !item.empty?

  !modified.empty? || zones.any?(&:modified?)
end

#modified_from_default(resource, target_root: "/") ⇒ Array<String>

Return the item names modified from the defaults of the given resource

Examples:

Obtain modified zones


f.modified_from_default("zones") #=> ["internal", "public"]

Parameters:

  • resource (String)

Returns:

  • (Array<String>)

286
287
288
289
290
291
292
293
294
295
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 286

def modified_from_default(resource, target_root: "/")
  return if resource.to_s.empty?

  resource_dir = File.join(target_root, CUSTOM_DIR, resource)
  return [] unless Dir.exist?(resource_dir)

  Dir.chdir(resource_dir) do
    Dir.glob("*.xml").map { |file| File.basename(file, ".xml") }
  end
end

#read(minimal: false) ⇒ Boolean

Note:

when a minimal read is requested it neither parses the zones definition nor initializes any single value attributes

Read the current firewalld configuration initializing the zones and other attributes as logging.

Parameters:

  • minimal (Boolean) (defaults to: false)

    when true does a minimal object initialization

Returns:

  • (Boolean)

    true


93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 93

def read(minimal: false)
  return false unless installed?

  # Force a reset of the API instance when reading the first time (bsc#1166698)
  @api = nil

  @current_zone_names = api.zones
  @current_service_names = api.services
  if minimal
    @zones = current_zone_names.map { |n| Zone.new(name: n) }
  else
    @zones = zone_reader.read
    read_attributes
  end
  # The list of services is not read or initialized because takes time and
  # affects to the performance and also the services are rarely touched.
  @read = true
end

#read?Boolean

Return whether the configuration has been read

Returns:

  • (Boolean)

    true if the configuration has been read; false otherwise


252
253
254
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 252

def read?
  @read
end

#read_service(name) ⇒ Y2Firewall::Firewalld::Service

It reads the configuration of the given service or create it from scratch if not exist. After read adds it to the list of touched services.

Parameters:

  • name (String)

    the service name

Returns:

Raises:


157
158
159
160
161
162
163
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 157

def read_service(name)
  raise(Service::NotFound, name) unless installed?

  service = ServiceReader.new.read(name)
  services << service
  service
end

#remove_zone(name) ⇒ Boolean

Remove the given zone from the list of zones

Parameters:

  • name (String)

    zone name

Returns:

  • (Boolean)

    true if it was removed; false otherwise


129
130
131
132
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 129

def remove_zone(name)
  removed = zones.reject! { |z| z.name == name }
  !removed.nil?
end

#resetObject

Reset all the changes done initializing the instance with the defaults


271
272
273
274
275
276
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 271

def reset
  load_defaults
  untouched!
  @api = nil
  @read = false
end

#restartBoolean

Restart the firewalld service

Returns:

  • (Boolean)

    true if it has been restarted; false otherwise


224
225
226
227
228
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 224

def restart
  return false unless installed?

  Yast::Service.Restart(SERVICE)
end

#startBoolean

Start the firewalld service

Returns:

  • (Boolean)

    true if it has been started; false otherwise


242
243
244
245
246
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 242

def start
  return false if !installed? || running?

  Yast::Service.Start(SERVICE)
end

#stopBoolean

Stop the firewalld service

Returns:

  • (Boolean)

    true if it has been stopped; false otherwise


233
234
235
236
237
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 233

def stop
  return false if !installed? || !running?

  Yast::Service.Stop(SERVICE)
end

#system_serviceYast2::SystemService?

Convenience method to instantiate the firewalld system service

Returns:


266
267
268
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 266

def system_service
  @system_service ||= Yast2::SystemService.find(SERVICE)
end

#writeObject

Apply the changes to the modified zones and sets the logging option


176
177
178
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 176

def write
  write_only && reload
end

#write_onlyObject

Apply the changes to the modified zones and sets the logging option


181
182
183
184
185
186
187
188
189
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 181

def write_only
  return false unless installed?

  read unless read?
  apply_zones_changes!
  apply_attributes_changes!
  untouched!
  true
end