Class: Yast::FirewalldWrapperClass

Inherits:
Module
  • Object
show all
Includes:
Logger
Defined in:
library/network/src/modules/firewalld_wrapper.rb

Overview

This module add support for handling firewalld configuration and it is mainly a firewalld wrapper. It is inteded to be used mostly by YaST modules written in Perl like yast-dns-server.

Constant Summary collapse

VALID_PROTOCOLS =
["udp", "tcp", "sctp", "dccp"].freeze

Instance Method Summary collapse

Constructor Details

#initializeFirewalldWrapperClass

Returns a new instance of FirewalldWrapperClass.


37
38
39
40
# File 'library/network/src/modules/firewalld_wrapper.rb', line 37

def initialize
  Yast.import "PortAliases"
  Yast.import "PortRanges"
end

Instance Method Details

#add_port(port_or_range, protocol, interface) ⇒ Object

Add the port or range of ports with the given protocol to the zone the interface belongs to. The port can be either a number or known service name.

interface zone; the port can be either a number or a known service name

Examples:

FirewalldWrapper.add_port("80", "TCP", "eth0")
FirewalldWrapper.add_port("8080:8090", "TCP", "eth0")
FirewalldWrapper.add_port("nameserver", "UDP", "eth0")

Parameters:

  • port_or_range (String)

    port or range of ports to be added to the

  • protocol (String)

    port protocol

  • interface (String)

    interface name


70
71
72
73
74
75
76
77
78
79
# File 'library/network/src/modules/firewalld_wrapper.rb', line 70

def add_port(port_or_range, protocol, interface)
  return false unless valid_port?(port_or_range)
  return false unless supported_protocol?(protocol)

  zone = interface_zone(interface)
  return false unless zone

  port = "#{port_or_range.sub(":", "-")}/#{protocol.downcase}"
  zone.add_port(port)
end

#all_known_interfacesArray<Hash>

Return an array with all the known (sysconfig configured) firewalld interfaces.

Returns:

  • (Array<Hash>)

    known interfaces e.g. [{ "id":"eth0", "name":"Askey 815C", "zone":"EXT"} , ... ]


151
152
153
154
155
156
# File 'library/network/src/modules/firewalld_wrapper.rb', line 151

def all_known_interfaces
  Y2Firewall::Firewalld::Interface.known.map do |interface|
    { "id" => interface.name, "zone" => zone_name_of_interface(interface.name),
      "name" => interface.device_name }
  end
end

#is_enabledBoolean

Check whether the firewalld service is enable or not

Returns:

  • (Boolean)

    true if it is enable; false otherwise


109
110
111
# File 'library/network/src/modules/firewalld_wrapper.rb', line 109

def is_enabled
  firewalld.enabled?
end

#is_modifiedBoolean

Return true if the logging config or any of the zones where modified since read

Returns:

  • (Boolean)

    true if the config was modified; false otherwise


117
118
119
# File 'library/network/src/modules/firewalld_wrapper.rb', line 117

def is_modified
  firewalld.modified?
end

#is_service_in_zone(service, zone_name) ⇒ Boolean

Check if the service belongs to the zone

Parameters:

  • service (String)

    service name

  • zone (String)

    zone name

Returns:

  • (Boolean)

    true if service is in zone


139
140
141
142
143
144
# File 'library/network/src/modules/firewalld_wrapper.rb', line 139

def is_service_in_zone(service, zone_name)
  zone = firewalld.find_zone(zone_name)
  return false unless zone

  zone.services.include?(service)
end

#modify_interface_services(services, interfaces, status) ⇒ Object

sets status for several services on several network interfaces.

Parameters:

  • list (string)

    service ids

  • list (string)

    network interfaces

  • boolean

    new status of services


163
164
165
166
167
168
169
170
171
172
173
174
# File 'library/network/src/modules/firewalld_wrapper.rb', line 163

def modify_interface_services(services, interfaces, status)
  interfaces.each do |interface|
    zone = interface_zone(interface)
    next unless zone

    if status
      services.each { |service| zone.add_service(service) }
    else
      services.each { |service| zone.remove_service(service) }
    end
  end
end

#readObject

Convenience method for calling firewalld.read


43
44
45
# File 'library/network/src/modules/firewalld_wrapper.rb', line 43

def read
  firewalld.read
end

#remove_port(port_or_range, protocol, interface) ⇒ Object

Remove the port or range of ports with the given protocol to the zone the interface belongs to. The port can be either a number or known service name.

the interface zone; the port can be either a number or a known service name

Examples:

FirewalldWrapper.remove_port("80", "TCP", "eth0")
FirewalldWrapper.remove_port("8080:8090", "TCP", "eth0")
FirewalldWrapper.remove_port("nameserver", "UDP", "eth0")

Parameters:

  • port_or_range (String)

    port or range of ports to be removed from

  • protocol (String)

    port protocol

  • interface (String)

    interface name


95
96
97
98
99
100
101
102
103
104
# File 'library/network/src/modules/firewalld_wrapper.rb', line 95

def remove_port(port_or_range, protocol, interface)
  return false unless valid_port?(port_or_range)
  return false unless supported_protocol?(protocol)

  zone = interface_zone(interface)
  return false unless zone

  port = "#{port_or_range.sub(":", "-")}/#{protocol.downcase}"
  zone.remove_port(port)
end

#writeObject

Convenience method for calling firewalld.write


48
49
50
# File 'library/network/src/modules/firewalld_wrapper.rb', line 48

def write
  firewalld.write
end

#write_onlyObject

Convenience method for calling firewalld.write_only


53
54
55
# File 'library/network/src/modules/firewalld_wrapper.rb', line 53

def write_only
  firewalld.write_only
end

#zone_name_of_interface(interface) ⇒ String

Evaluate the zone name of an interface

Parameters:

  • interface (String)

    interface name

Returns:

  • (String)

    zone name (nil; not found)


126
127
128
129
130
131
# File 'library/network/src/modules/firewalld_wrapper.rb', line 126

def zone_name_of_interface(interface)
  zone = interface_zone(interface)
  return nil unless zone

  zone.name
end