Class: Y2Firewall::Firewalld::Api

Inherits: Object
Extended by: Forwardable
Includes: Services, Zones, Yast::I18n, Yast::Logger
Defined in:
library/network/src/lib/y2firewall/firewalld/api.rb,
library/network/src/lib/y2firewall/firewalld/api/zones.rb,
library/network/src/lib/y2firewall/firewalld/api/services.rb

Overview

Firewalld command line API supporting two modes (:offline and :running).

The :offline mode is useful in environments where the daemon is not running or the D-Bus API is not accessible; otherwise the :running mode should be used.

Defined Under Namespace

Modules: Services, Zones

Constant Summary

COMMAND = { offline: "firewall-offline-cmd", running: "firewall-cmd" }.freeze

Map firewalld modes with their command line tools

PACKAGE = "firewalld".freeze

FIXME: Do not like to define twice

Instance Attribute Summary

Instance Method Summary

Methods included from Zones

#add_interface, #add_masquerade, #add_port, #add_protocol, #add_service, #add_source, #change_interface, #change_source, #interface_enabled?, #interface_zone, #list_all, #list_all_zones, #list_interfaces, #list_ports, #list_protocols, #list_services, #list_sources, #masquerade_enabled?, #port_enabled?, #protocol_enabled?, #remove_interface, #remove_masquerade, #remove_port, #remove_protocol, #remove_service, #remove_source, #service_enabled?, #zones

Methods included from Services

#add_service_port, #info_service, #new_service, #remove_service_port, #service_description, #service_modules, #service_ports, #service_protocols, #service_short, #service_supported?, #services

Constructor Details

#initialize(mode: nil, permanent: true) ⇒ Api

Constructor



# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 61

def initialize(mode: nil, permanent: true)
  @mode =
    if mode == :running || running?
      :running
    else
      :offline
    end
  @permanent = permanent
end

Instance Attribute Details

#mode ⇒ Object

Determines the mode in which firewalld is running and, as a consequence, the command to be used.



# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 58

def mode
  @mode
end

Instance Method Details

#complete_reload ⇒ Boolean

Do a complete reload of the firewall if running. In offline mode just return true as a reload is not needed to apply the changes.

Returns:

  • (Boolean)

    The firewalld complete-reload result (exit code)



# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 146

def complete_reload
  return true if offline?
  run_command("--complete-reload")
end

#default_zone ⇒ String

Return the default zone

Returns:

  • (String)

    default zone



# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 121

def default_zone
  string_command("--get-default-zone")
end

#default_zone=(zone) ⇒ String

Set the default zone

Parameters:

  • zone (String)

    The firewall zone

Returns:

  • (String)

    default zone



# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 129

def default_zone=(zone)
  run_command("--set-default-zone=#{zone}")
end

#disable! ⇒ Object



# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 102

def disable!
  offline? ? run_command("--disable") : Yast::Service.Disable("firewalld")
end

#enable! ⇒ Object



# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 98

def enable!
  offline? ? run_command("--enable") : Yast::Service.Enable("firewalld")
end

#log_denied_packets ⇒ String

Returns packet type which is being logged when denied

Returns:

  • (String)

    packet type which is being logged when denied



# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 169

def log_denied_packets
  string_command("--get-log-denied").strip
end

#log_denied_packets=(kind) ⇒ Boolean

Parameters:

  • kind (String)

    Denied packets to log. Possible values are: all, unicast, broadcast, multicast and off

Returns:

  • (Boolean)

    True if desired packet type was set to being logged when denied



# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 164

def log_denied_packets=(kind)
  run_command("--set-log-denied=#{kind}")
end

#log_denied_packets?(kind) ⇒ Boolean

Parameters:

  • kind (String)

    Denied packets to log. Possible values are: all, unicast, broadcast, multicast and off

Returns:

  • (Boolean)

    True if desired packet type is being logged when denied



# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 156

def log_denied_packets?(kind)
  string_command("--get-log-denied").strip == kind ? true : false
end
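
A caller-side sketch of the behaviour documented above, added here as an example and not part of the y2firewall source: it picks the tool from the same mode mapping as COMMAND and checks `kind` against the values listed for #log_denied_packets= before building the option. The class `FirewalldArgv`, its methods and the `known_zones` parameter are hypothetical names; the code only builds an argument array and runs nothing.

```ruby
# Added example: a stand-alone model, not the y2firewall implementation.
class FirewalldArgv
  # Same mode-to-tool mapping as the COMMAND constant documented on this page.
  COMMAND = { offline: "firewall-offline-cmd", running: "firewall-cmd" }.freeze
  # Values this page lists as possible for log_denied_packets=.
  LOG_DENIED_KINDS = %w[all unicast broadcast multicast off].freeze

  def initialize(mode:)
    raise ArgumentError, "unknown mode #{mode.inspect}" unless COMMAND.key?(mode)

    @mode = mode
  end

  # Argument array for setting the log-denied kind. Anything that is not
  # exactly one of the listed values is rejected before interpolation.
  def set_log_denied(kind)
    unless LOG_DENIED_KINDS.include?(kind)
      raise ArgumentError, "invalid log-denied kind: #{kind.inspect}"
    end

    argv("--set-log-denied=#{kind}")
  end

  # Argument array for setting the default zone. The zone must be in a
  # list the caller already trusts (hypothetical parameter, for example
  # the result of #zones).
  def set_default_zone(zone, known_zones)
    unless known_zones.include?(zone)
      raise ArgumentError, "unknown zone: #{zone.inspect}"
    end

    argv("--set-default-zone=#{zone}")
  end

  private

  # One array element per argument, so the option value is never
  # re-split or interpreted by a shell.
  def argv(option)
    [COMMAND.fetch(@mode), option]
  end
end
```
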

#offline? ⇒ Boolean

Whether the mode is :offline or not

Returns:

  • (Boolean)

    true if current mode is :offline; false otherwise



# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 74

def offline?
  @mode == :offline
end

#permanent? ⇒ Boolean

Whether the command called to modify configuration should make the changes permanent or not

Returns:

  • (Boolean)


# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 82

def permanent?
  return false if offline?

  @permanent
end

#reload ⇒ Boolean

Do a reload of the firewall if running. In offline mode just return true as a reload is not needed to apply the changes.

Returns:

  • (Boolean)

    The firewalld reload result (exit code)



# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 137

def reload
  return true if offline?
  run_command("--reload")
end

#running? ⇒ Boolean

Whether firewalld is running or not

Returns:

  • (Boolean)

    true if the state is running; false otherwise



# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 91

def running?
  return false if Yast::Stage.initial
  return false if !Yast::PackageSystem.Installed(PACKAGE)

  state == "running"
end

#state ⇒ Boolean

Returns the firewalld service state (exit code)

Returns:

  • (Boolean)

    The firewalld service state (exit code)



# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 107

def state
  case Yast::Execute.on_target("firewallctl", "state", allowed_exitstatus: [0, 252])
  when 0
    "running"
  when 252
    "not running"
  else
    "unknown"
  end
end