Class: Y2Firewall::Firewalld

Inherits:
Object
  • Object
Extended by:
Forwardable, Relations
Includes:
Singleton, Yast::Logger
Defined in:
library/network/src/lib/y2firewall/firewalld.rb,
library/network/src/lib/y2firewall/firewalld/api.rb,
library/network/src/lib/y2firewall/firewalld/zone.rb,
library/network/src/lib/y2firewall/firewalld/service.rb,
library/network/src/lib/y2firewall/firewalld/api/zones.rb,
library/network/src/lib/y2firewall/firewalld/interface.rb,
library/network/src/lib/y2firewall/firewalld/relations.rb,
library/network/src/lib/y2firewall/firewalld/zone_reader.rb,
library/network/src/lib/y2firewall/firewalld/api/services.rb,
library/network/src/lib/y2firewall/firewalld/service_reader.rb

Overview

Main class to interact with Firewalld

Examples:

Enable the cluster service into the external zone


require "y2firewall/firewalld"

# Singleton entry point. #read returns false (and loads nothing) when the
# firewalld package is not installed.
firewalld = Y2Firewall::Firewalld.instance
firewalld.read
# find_zone returns nil when no zone with that name is defined.
external_zone = firewalld.find_zone("external")
external_zone.services #=> ["ssh", "dns", "samba-client"]
external_zone.add_service("cluster")
# #write applies the pending zone changes and, when that succeeds, calls reload.
firewalld.write

Defined Under Namespace

Modules: Relations Classes: Api, Error, Interface, Service, ServiceReader, Zone, ZoneReader

Constant Summary

PACKAGE =
"firewalld".freeze
SERVICE =
"firewalld".freeze
DEFAULT_ZONE =
"public".freeze
DEFAULT_LOG =
"off".freeze

Instance Attribute Summary

Instance Method Summary

Methods included from Relations

enable_modifications_cache, has_attributes, has_many

Constructor Details

#initialize ⇒ Firewalld

Constructor


# File 'library/network/src/lib/y2firewall/firewalld.rb', line 77

# Constructor: loads the defaults, marks the instance as untouched and flags
# the configuration as not read yet. #reset runs the same three steps.
def initialize
  load_defaults
  untouched!
  # Nothing has been read from the system yet; #read sets this flag to true.
  @read = false
end

Instance Attribute Details

#api ⇒ Y2Firewall::Firewalld::Api

Convenience method to instantiate the firewalld API


# File 'library/network/src/lib/y2firewall/firewalld.rb', line 254

# Convenience accessor for the firewalld API object.
#
# The Api instance is created on first use and memoized in @api, so every
# later call returns the same object.
#
# @return [Y2Firewall::Firewalld::Api]
def api
  @api ||= Api.new
end

#current_service_names ⇒ Array<String>

Returns current service names.

Returns:

  • (Array<String>)

    current service names.


# File 'library/network/src/lib/y2firewall/firewalld.rb', line 62

# Service names as last stored in @current_service_names; #read assigns them
# from api.services.
#
# @return [Array<String>] current service names
def current_service_names
  @current_service_names
end

#current_zone_names ⇒ Array<String>

Returns current zone names.

Returns:

  • (Array<String>)

    current zone names.


# File 'library/network/src/lib/y2firewall/firewalld.rb', line 60

# Zone names as last stored in @current_zone_names; #read assigns them from
# api.zones. #apply_zones_changes! compares this list with #zones to decide
# which zones to create and which to delete.
#
# @return [Array<String>] current zone names
def current_zone_names
  @current_zone_names
end

#services ⇒ Array<Y2Firewall::Firewalld::Service>

Returns firewalld services. To avoid performance problems it is empty by default and the services are added when needed by the find_service method.

Returns:

  • (Array<Y2Firewall::Firewalld::Service>)

    firewalld services. To avoid performance problems it is empty by default and the services are added when needed by the find_service method.


# File 'library/network/src/lib/y2firewall/firewalld.rb', line 66

# Services touched so far. #read does not populate this list; #read_service
# appends to it, and #find_service falls back to #read_service on a miss.
#
# @return [Array<Y2Firewall::Firewalld::Service>] firewalld services read so far
def services
  @services
end

#zones ⇒ Array<Y2Firewall::Firewalld::Zone>

Returns firewalld zones.

Returns:


# File 'library/network/src/lib/y2firewall/firewalld.rb', line 58

# In-memory zone list; #read reassigns it and #add_zone / #remove_zone edit it.
#
# This list is the desired state for #apply_zones_changes!: a zone known to
# firewalld but absent from it is deleted on the next write.
#
# @return [Array<Y2Firewall::Firewalld::Zone>] firewalld zones
def zones
  @zones
end

Instance Method Details

#add_zone(name) ⇒ Boolean

Given a zone name, it adds a new Zone to the current list of defined zones, but only if a zone with that name does not exist yet.

Parameters:

  • name (String)

    zone name

Returns:

  • (Boolean)

    true if the new zone was added; false in case the zone was already defined


# File 'library/network/src/lib/y2firewall/firewalld.rb', line 113

# Adds a zone with the given name to the in-memory list unless one already exists.
#
# Only #zones is changed here; the zone is created in firewalld later, by
# #apply_zones_changes!. The name is not validated in this method.
#
# @param name [String] zone name
# @return [Boolean] true if the new zone was added; false if it was already defined
def add_zone(name)
  if find_zone(name)
    false
  else
    new_zone = Y2Firewall::Firewalld::Zone.new(name: name)
    zones << new_zone
    true
  end
end

#apply_zones_changes! ⇒ Object

Apply the changes done in each of the modified zones. It will create or delete all the new or removed zones depending on each case.


# File 'library/network/src/lib/y2firewall/firewalld.rb', line 188

# Pushes the in-memory zone list to firewalld.
#
# First pass: every zone in #zones whose name is missing from
# #current_zone_names is created through the API, and every zone reporting
# modified? has its changes applied. Second pass: every name in
# #current_zone_names without a matching entry in #zones is deleted through
# the API.
#
# NOTE(review): the second pass is destructive. If #zones is empty or only
# partly populated while #current_zone_names is not, the zones missing from it
# are deleted, so a caller invoking this directly should make sure the
# configuration has been read first.
#
# @return [Array<String>] the #current_zone_names list (value of the last each)
def apply_zones_changes!
  zones.each do |zone|
    known_to_firewalld = current_zone_names.include?(zone.name)
    api.create_zone(zone.name) unless known_to_firewalld
    zone.apply_changes! if zone.modified?
  end

  current_zone_names.each do |existing_name|
    still_defined = zones.any? { |zone| zone.name == existing_name }
    api.delete_zone(existing_name) unless still_defined
  end
end

#enabled? ⇒ Boolean

Check whether the firewalld service is enabled or not

Returns:

  • (Boolean)

    true if it is enabled; false otherwise


# File 'library/network/src/lib/y2firewall/firewalld.rb', line 210

# Checks whether the firewalld service is enabled.
#
# The service is only queried when the package is installed, so false covers
# both "installed but disabled" and "not installed".
#
# @return [Boolean] true if it is enabled; false otherwise
def enabled?
  if installed?
    Yast::Service.Enabled(SERVICE)
  else
    false
  end
end

#find_service(name) ⇒ Y2Firewall::Firewalld::Service

Return from the services list the one which matches the given name

Parameters:

  • name (String)

    the service name

Returns:


# File 'library/network/src/lib/y2firewall/firewalld.rb', line 143

# Returns the service with the given name, reading it on demand.
#
# The already-read #services list is searched first; on a miss the lookup is
# delegated to #read_service, which raises Service::NotFound when the
# firewalld package is not installed.
#
# @param name [String] the service name
# @return [Y2Firewall::Firewalld::Service]
def find_service(name)
  already_read = services.find { |service| service.name == name }
  return already_read if already_read

  read_service(name)
end

#find_zone(name) ⇒ Y2Firewall::Firewalld::Zone?

Return from the zones list the one which matches the given name

Parameters:

  • name (String)

    the zone name

Returns:


# File 'library/network/src/lib/y2firewall/firewalld.rb', line 134

# Looks up a zone by name in the in-memory #zones list.
#
# @param name [String] the zone name
# @return [Y2Firewall::Firewalld::Zone, nil] the first zone whose name matches,
#   or nil when none does
def find_zone(name)
  zones.find { |zone| zone.name == name }
end

#installed? ⇒ Boolean

Return whether the firewalld package is installed or not

Returns:

  • (Boolean)

    true if it is installed; false otherwise


# File 'library/network/src/lib/y2firewall/firewalld.rb', line 201

# Tells whether the firewalld package is installed.
#
# A positive answer is cached in @installed and never re-checked by this
# method; a negative answer is looked up again on every call.
#
# @return [Boolean] true if it is installed; false otherwise
def installed?
  if @installed
    true
  else
    @installed = Yast::PackageSystem.Installed(PACKAGE)
  end
end

#modified?(*item) ⇒ Boolean

Return true if the logging config or any of the zones were modified since read

Returns:

  • (Boolean)

    true if the config was modified; false otherwise


# File 'library/network/src/lib/y2firewall/firewalld.rb', line 164

# Tells whether the configuration was modified.
#
# With an argument, only checks whether that item is in the modified list;
# just the first argument is considered and any further ones are ignored.
# Without arguments, returns true when the modified list is not empty or any
# zone reports modified?.
#
# @param item [Array] optional item to look up in the modified list
# @return [Boolean] true if the config was modified; false otherwise
def modified?(*item)
  return modified.include?(item.first) unless item.empty?

  return true unless modified.empty?

  zones.any?(&:modified?)
end

#read(minimal: false) ⇒ Boolean

Note:

when a minimal read is requested it neither parses the zones definition nor initializes any single value attributes

Read the current firewalld configuration initializing the zones and other attributes as logging.

Parameters:

  • minimal (Boolean) (defaults to: false)

    when true does a minimal object initialization

Returns:

  • (Boolean)

    true


# File 'library/network/src/lib/y2firewall/firewalld.rb', line 91

# Reads the current firewalld configuration into this instance.
#
# Stores the zone and service names reported by the API and then fills #zones:
# with minimal: true each zone is a bare Zone built from its name only;
# otherwise the zones come from zone_reader and read_attributes is called
# afterwards. @zones is reassigned on every call.
#
# @param minimal [Boolean] when true does a minimal object initialization
# @return [Boolean] false when the firewalld package is not installed (nothing
#   is read in that case); true otherwise
def read(minimal: false)
  return false unless installed?

  @current_zone_names = api.zones
  @current_service_names = api.services
  @zones =
    if minimal
      current_zone_names.map { |zone_name| Zone.new(name: zone_name) }
    else
      zone_reader.read
    end
  read_attributes unless minimal
  # The services list is deliberately neither read nor initialized here: doing
  # so takes time, hurts performance, and services are rarely touched.
  @read = true
end

#read? ⇒ Boolean

Return whether the configuration has been read

Returns:

  • (Boolean)

    true if the configuration has been read; false otherwise


# File 'library/network/src/lib/y2firewall/firewalld.rb', line 247

# Tells whether the configuration has been read.
#
# The flag is set to true at the end of a successful #read and to false by
# the constructor and #reset.
#
# @return [Boolean] true if the configuration has been read; false otherwise
def read?
  @read
end

#read_service(name) ⇒ Y2Firewall::Firewalld::Service

It reads the configuration of the given service, or creates it from scratch if it does not exist. After reading it, the service is added to the list of touched services.

Parameters:

  • name (String)

    the service name

Returns:

Raises:


# File 'library/network/src/lib/y2firewall/firewalld.rb', line 152

# Reads the given service with a ServiceReader and appends it to #services.
#
# The result is appended without checking whether a service with the same
# name is already in the list; #find_service performs that check before
# calling this method.
#
# @param name [String] the service name
# @return [Y2Firewall::Firewalld::Service] the service that was read
# @raise [Service::NotFound] when the firewalld package is not installed
def read_service(name)
  raise Service::NotFound, name unless installed?

  ServiceReader.new.read(name).tap { |service| services << service }
end

#remove_zone(name) ⇒ Boolean

Remove the given zone from the list of zones

Parameters:

  • name (String)

    zone name

Returns:

  • (Boolean)

    true if it was removed; false otherwise


# File 'library/network/src/lib/y2firewall/firewalld.rb', line 124

# Removes every zone with the given name from the in-memory #zones list.
#
# Only the list is changed here; the zone is deleted from firewalld later, by
# #apply_zones_changes!, if its name is in #current_zone_names.
#
# @param name [String] zone name
# @return [Boolean] true if it was removed; false otherwise
def remove_zone(name)
  # reject! returns nil when nothing matched, and the array itself otherwise.
  zones_after_removal = zones.reject! { |zone| zone.name == name }
  zones_after_removal ? true : false
end

#reset ⇒ Object

Reset all the changes done initializing the instance with the defaults


# File 'library/network/src/lib/y2firewall/firewalld.rb', line 266

# Discards the in-memory state by running the same steps as the constructor:
# loads the defaults, marks the instance as untouched and clears the read flag.
#
# @return [Boolean] false (the value of the final assignment)
def reset
  load_defaults
  untouched!
  # Forces #write_only to read the configuration again before applying changes.
  @read = false
end

#restart ⇒ Boolean

Restart the firewalld service

Returns:

  • (Boolean)

    true if it has been restarted; false otherwise


# File 'library/network/src/lib/y2firewall/firewalld.rb', line 219

# Restarts the firewalld service.
#
# Nothing is attempted when the package is not installed, so a false result
# does not tell the caller whether the restart failed or was never tried.
#
# @return [Boolean] true if it has been restarted; false otherwise
def restart
  if installed?
    Yast::Service.Restart(SERVICE)
  else
    false
  end
end

#start ⇒ Boolean

Start the firewalld service

Returns:

  • (Boolean)

    true if it has been started; false otherwise


# File 'library/network/src/lib/y2firewall/firewalld.rb', line 237

# Starts the firewalld service.
#
# Returns false without acting when the package is not installed or the
# service is already running, so false does not by itself mean the firewall
# is down; check running? when that distinction matters.
#
# @return [Boolean] true if it has been started; false otherwise
def start
  return false unless installed?
  return false if running?

  Yast::Service.Start(SERVICE)
end

#stop ⇒ Boolean

Stop the firewalld service

Returns:

  • (Boolean)

    true if it has been stopped; false otherwise


# File 'library/network/src/lib/y2firewall/firewalld.rb', line 228

# Stops the firewalld service.
#
# Returns false without acting when the package is not installed or the
# service is not running, so false covers "nothing to stop" as well as a
# failed stop.
#
# @return [Boolean] true if it has been stopped; false otherwise
def stop
  return false unless installed? && running?

  Yast::Service.Stop(SERVICE)
end

#system_service ⇒ Yast2::SystemService?

Convenience method to instantiate the firewalld system service

Returns:


# File 'library/network/src/lib/y2firewall/firewalld.rb', line 261

# Convenience accessor for the firewalld system service object.
#
# The lookup result is memoized in @system_service. Because ||= is used, a nil
# result is not cached and the lookup is repeated on the next call.
#
# @return [Yast2::SystemService, nil]
def system_service
  @system_service ||= Yast2::SystemService.find(SERVICE)
end

#write ⇒ Object

Apply the changes to the modified zones and sets the logging option


# File 'library/network/src/lib/y2firewall/firewalld.rb', line 171

# Applies the pending changes through #write_only and then calls reload.
#
# reload is skipped when #write_only returns a falsy value, which it does
# when the firewalld package is not installed.
#
# @return [Object] the falsy #write_only result, or otherwise whatever reload returns
def write
  changes_written = write_only
  return changes_written unless changes_written

  reload
end

#write_only ⇒ Object

Apply the changes to the modified zones and sets the logging option


# File 'library/network/src/lib/y2firewall/firewalld.rb', line 176

# Applies the pending zone and attribute changes. This method does not itself
# call reload; #write does that after it succeeds.
#
# @return [Boolean] false when the firewalld package is not installed; true
#   once the changes have been applied
def write_only
  return false unless installed?

  # Lazy read; its return value is not checked.
  # NOTE(review): #read reassigns @zones, so zones added or removed before any
  # read would presumably be replaced here — confirm against callers.
  read unless read?
  # Creates, updates and deletes zones so firewalld matches #zones.
  apply_zones_changes!
  apply_attributes_changes!
  # presumably clears the modification markers so the same changes are not
  # applied twice — TODO confirm
  untouched!
  true
end