Class: Y2Firewall::Firewalld::Api

Inherits:
Object
Extended by:
Forwardable
Includes:
Services, Zones, Yast::I18n, Yast::Logger
Defined in:
library/network/src/lib/y2firewall/firewalld/api.rb,
library/network/src/lib/y2firewall/firewalld/api/zones.rb,
library/network/src/lib/y2firewall/firewalld/api/services.rb

Overview

Firewalld command line API supporting two modes (:offline and :running)

The :offline mode is useful in environments where the daemon is not running or the D-Bus API is not accessible; otherwise the :running mode should be used.

Defined Under Namespace

Modules: Services, Zones

Constant Summary

COMMAND =

Map firewalld modes with their command line tools

{ offline: "firewall-offline-cmd", running: "firewall-cmd" }.freeze
PACKAGE =

FIXME: Do not like to define twice

"firewalld".freeze
SUCCESS =

Modification commands were applied successfully

"success".freeze

Instance Attribute Summary

Instance Method Summary

Methods included from Zones

#add_interface, #add_masquerade, #add_port, #add_protocol, #add_service, #change_interface, #create_zone, #delete_zone, #description, #interface_enabled?, #interface_zone, #list_all, #list_all_zones, #list_interfaces, #list_ports, #list_protocols, #list_services, #masquerade_enabled?, #modify_description, #modify_masquerade, #modify_short, #modify_target, #port_enabled?, #protocol_enabled?, #remove_interface, #remove_masquerade, #remove_port, #remove_protocol, #remove_service, #service_enabled?, #short, #target, #zones

Methods included from Services

#add_service_port, #create_service, #delete_service, #info_service, #modify_service_description, #modify_service_short, #remove_service_port, #service_description, #service_modules, #service_ports, #service_protocols, #service_short, #service_supported?, #services

Constructor Details

#initialize(mode: nil, permanent: true) ⇒ Api

Constructor

Parameters:

  • mode (Symbol, nil) (defaults to: nil)

    defines which command line tool should be used: the running one or the offline one. Possible values are: :offline, :running

  • permanent (Boolean) (defaults to: true)

    whether the configuration should be written permanently or only to the runtime configuration when firewalld is running.


# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 67

def initialize(mode: nil, permanent: true)
  @mode = mode || (running? ? :running : :offline)
  @permanent = !offline? && permanent
end

Instance Attribute Details

#mode ⇒ Object

Determines the mode in which firewalld is running and, as a consequence, the command to be used.


# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 59

def mode
  @mode
end

Instance Method Details

#complete_reload ⇒ Boolean

Do a complete reload of the firewall if running. In offline mode just return true as a reload is not needed to apply the changes

Returns:

  • (Boolean)

    true if the firewall was reloaded completely with success


# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 153

def complete_reload
  return true if offline?

  modify_command("--complete-reload")
end

#default_zone ⇒ String

Returns default zone.

Returns:

  • (String)

    default zone


# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 128

def default_zone
  string_command("--get-default-zone")
end

#disable! ⇒ Object

Disables the firewalld service


# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 105

def disable!
  offline? ? run_command("--disable") : Yast::Service.Disable("firewalld")
end

#enable! ⇒ Object

Enables the firewalld service


# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 100

def enable!
  offline? ? run_command("--enable") : Yast::Service.Enable("firewalld")
end

#log_denied_packets ⇒ String

Returns packet type which is being logged when denied.

Returns:

  • (String)

    packet type which is being logged when denied


# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 175

def log_denied_packets
  string_command("--get-log-denied").strip
end

#log_denied_packets?(kind) ⇒ Boolean

Returns True if desired packet type is being logged when denied.

Parameters:

  • kind (String)

    Denied packets to log. Possible values are: all, unicast, broadcast, multicast and off

Returns:

  • (Boolean)

    True if desired packet type is being logged when denied


# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 164

def log_denied_packets?(kind)
  string_command("--get-log-denied").strip == kind
end

#modify_default_zone(zone) ⇒ Object

Set the default zone

Parameters:

  • zone (String)

    The firewall zone


# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 135

def modify_default_zone(zone)
  modify_command("--set-default-zone=#{zone}")
end

#modify_log_denied_packets(kind) ⇒ Object

Parameters:

  • kind (String)

    Denied packets to log. Possible values are: all, unicast, broadcast, multicast and off


# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 170

def modify_log_denied_packets(kind)
  modify_command("--set-log-denied=#{kind}")
end
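
#log_denied_packets? and #modify_log_denied_packets both take a kind limited to the five values listed above. The following is an added example, not code from YaST: it checks kind against that list before calling the setter and reads the setting back afterwards. FakeApi and set_log_denied are hypothetical names; FakeApi is a constructed stand-in for the Api class so the block runs without YaST or firewalld.

```ruby
# Values documented for the kind parameter on this page.
LOG_DENIED_KINDS = %w[all unicast broadcast multicast off].freeze

# Constructed stand-in for Y2Firewall::Firewalld::Api; it mimics only the
# three log-denied methods and records the option it would have passed on.
class FakeApi
  attr_reader :calls

  def initialize(current = "off")
    @current = current
    @calls = []
  end

  def modify_log_denied_packets(kind)
    @calls << "--set-log-denied=#{kind}"
    @current = kind
    true
  end

  def log_denied_packets
    @current
  end

  def log_denied_packets?(kind)
    @current == kind
  end
end

# Hypothetical helper (not part of the YaST API): validate, apply, read back.
def set_log_denied(api, kind)
  kind = kind.to_s
  # Exact match against the allow-list; anything else never reaches the setter.
  unless LOG_DENIED_KINDS.include?(kind)
    raise ArgumentError, "unsupported log-denied value: #{kind.inspect}"
  end
  return :unchanged if api.log_denied_packets?(kind)

  api.modify_log_denied_packets(kind)
  # Read the setting back instead of trusting the setter's return value.
  raise "log-denied not applied, still #{api.log_denied_packets.inspect}" unless api.log_denied_packets?(kind)

  :changed
end

api = FakeApi.new("off")
puts set_log_denied(api, "all")   # setter called once
puts set_log_denied(api, "all")   # already in effect, setter not called
```
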

#offline? ⇒ Boolean

Whether the mode is :offline or not

Returns:

  • (Boolean)

    true if current mode is :offline; false otherwise


# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 75

def offline?
  @mode == :offline
end

#permanent? ⇒ Boolean

Whether the command called to modify configuration should make the changes permanent or not

Returns:

  • (Boolean)

# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 83

def permanent?
  return false if offline?

  @permanent
end

#reload ⇒ Boolean

Do a reload of the firewall if running. In offline mode just return true as a reload is not needed to apply the changes.

Returns:

  • (Boolean)

    true if the firewall was reloaded successfully


# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 143

def reload
  return true if offline?

  modify_command("--reload")
end

#running? ⇒ Boolean

Whether firewalld is running or not

Returns:

  • (Boolean)

    true if the state is running; false otherwise


# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 92

def running?
  return false if Yast::Stage.initial
  return false if !Yast::PackageSystem.Installed(PACKAGE)

  state == "running"
end

#state ⇒ String

Return the current state of the firewalld service (running or not running)

Returns:

  • (String)

    firewalld service state

# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 114

def state
  case Yast::Execute.on_target("firewall-cmd", "--state", allowed_exitstatus: [0, 252])
  when 0
    "running"
  when 252
    "not running"
  else
    "unknown"
  end
end