
ports: allow querying a single added by range

When a range of ports was added with --add-port, the individual ports
within that range were not queryable via --query-port.

Fixes: rhbz 1404076
erig0 committed Aug 21, 2018
1 parent db2d72e commit 2925de324443eb4567c02d1608a256327e4f3fe3
Showing with 33 additions and 3 deletions.
  1. +11 −2 src/firewall/core/fw_zone.py
  2. +12 −0 src/firewall/functions.py
  3. +10 −1 src/firewall/server/config_zone.py
@@ -24,7 +24,8 @@
ZONE_SOURCE_IPSET_TYPES
from firewall.core.logger import log
from firewall.functions import portStr, checkIPnMask, checkIP6nMask, \
checkProtocol, enable_ip_forwarding, check_single_address, check_mac
checkProtocol, enable_ip_forwarding, check_single_address, check_mac, \
portInPortRange
from firewall.core.rich import Rich_Rule, Rich_Accept, \
Rich_Mark, Rich_Service, Rich_Port, Rich_Protocol, \
Rich_Masquerade, Rich_ForwardPort, Rich_SourcePort, Rich_IcmpBlock, \
@@ -935,7 +936,15 @@ def __unregister_port(self, _obj, port_id):
del _obj.settings["ports"][port_id]

def query_port(self, zone, port, protocol):
return self.__port_id(port, protocol) in self.get_settings(zone)["ports"]
if self.__port_id(port, protocol) in self.get_settings(zone)["ports"]:
return True
else:
# It might be a single port query that is inside a range
for (_port, _protocol) in self.get_settings(zone)["ports"]:
if portInPortRange(port, _port) and protocol == _protocol:
return True

return False

def list_ports(self, zone):
return list(self.get_settings(zone)["ports"].keys())
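Review bot: In the new loop in query_port the protocol test comes second, so `portInPortRange(port, _port)` re-parses the queried port for every stored entry, including entries for a different protocol. Putting the cheap comparison first, `if protocol == _protocol and portInPortRange(port, _port):`, avoids that. The `else:` after `return True` can also go, and `self.get_settings(zone)["ports"]` could be fetched once into a local. The same loop is copied into queryPort in src/firewall/server/config_zone.py, so the change applies there too, or both callers could share one helper.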
@@ -140,6 +140,18 @@ def portStr(port, delimiter=":"):
else:
return "%s%s%s" % (_range[0], delimiter, _range[1])

def portInPortRange(port, range):
_port = getPortID(port)
_range = getPortRange(range)

if len(_range) == 1:
return _port == getPortID(_range[0])
if len(_range) == 2 and \
_port >= getPortID(_range[0]) and _port <= getPortID(_range[1]):
return True

return False

def getServiceName(port, proto):
""" Check and Get service name from port and proto string combination using socket.getservbyport
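Review bot: portInPortRange uses the results of getPortID and getPortRange without checking them, and both helpers are defined outside this hunk. If they report an invalid or ambiguous value with a negative number or None, which would need confirming, `len(_range)` raises a TypeError instead of the function returning False. A guard such as `if not isinstance(_range, (tuple, list)) or _port < 0: return False` before the length checks would keep a malformed query from surfacing as an exception in the callers. The parameter name `range` shadows the builtin, and a short docstring like the one on getServiceName should say that `port` is expected to be a single port and `range` a single port or a start-end range.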
@@ -41,6 +41,7 @@
dbus_handle_exceptions, dbus_service_method
from firewall import errors
from firewall.errors import FirewallError
from firewall.functions import portInPortRange

############################################################################
#
@@ -483,7 +484,15 @@ def queryPort(self, port, protocol, sender=None): # pylint: disable=W0613
protocol = dbus_to_python(protocol, str)
log.debug1("%s.queryPort('%s', '%s')", self._log_prefix, port,
protocol)
return (port,protocol) in self.getSettings()[6]
if (port,protocol) in self.getSettings()[6]:
return True
else:
# It might be a single port query that is inside a range
for (_port, _protocol) in self.getSettings()[6]:
if portInPortRange(port, _port) and protocol == _protocol:
return True

return False

# protocol
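Review bot: queryPort now returns True for a port that is stored only as part of a range, but the hunks shown here change only the query side in this file and in fw_zone.py. If the remove path still matches on the exact `(port, protocol)` entry, which is outside these hunks and should be checked, a caller that sees True here and then removes that single port gets an error and the port stays open through the range. A comment on the new branch would make that explicit, for example `# True also when port lies inside a stored range; removal still needs the exact entry`. queryPort starts above this hunk, so the conversion of `port` from D-Bus is not visible here.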
