Merge pull request #2151 from Yingshun/firewall_direct_rule

utils_iptables: support to add/remove/get direct rule

virttest/utils_iptables.py

@@ -235,16 +235,19 @@ def lists(self, key='all', **dargs):
         self.command(cmd, **dargs)
         return self.output
 
-    def get(self, key='zones', **dargs):
+    def get(self, key='zones', is_direct=False, **dargs):
         """
         Method to get existing zones/services etc.,
 
         :param key: key to be get from firewall-cmd
+        :param is_direct: True to get with direct option
         :param dargs: Additional arguments for the command
 
         :return: output of the --get-*
         """
         cmd = "--get-%s" % key
+        if is_direct:
+            cmd = "--direct " + cmd
         dargs['firewalld_reload'] = False
         self.command(cmd, **dargs)
         return self.output
@@ -315,3 +318,33 @@ def reload(self, complete=False):
         self.status, self.output = self.func(cmd)
 
         return self.status == 0
+
+    def add_direct_rule(self, rule, **dargs):
+        """
+        Method to add direct rule by firewall-cmd
+
+        :param rule: Rule to be added
+        :param dargs: Additional arguments for the command
+
+        :return: True on success, False on failure.
+        """
+        dargs["zone"] = None
+        dargs["firewalld_reload"] = False
+        cmd = "--direct --add-rule %s" % (rule)
+        self.command(cmd, **dargs)
+        return self.status == 0
+
+    def remove_direct_rule(self, rule, **dargs):
+        """
+        Method to remove direct rule by firewall-cmd
+
+        :param rule: Rule to be removed
+        :param dargs: Additional arguments for the command
+
+        :return: True on success, False on failure.
+        """
+        dargs["zone"] = None
+        dargs["firewalld_reload"] = False
+        cmd = "--direct --remove-rule %s" % (rule)
+        self.command(cmd, **dargs)
+        return self.status == 0