Merge pull request #807 from yast/extend_firewall_api
Extend the firewalld API
jreidinger committed Nov 30, 2018
2 parents 0781c64 + 22d48e1 commit 482eecb
Showing 11 changed files with 144 additions and 894 deletions.
29 changes: 28 additions & 1 deletion library/network/src/lib/y2firewall/firewalld.rb
@@ -104,6 +104,27 @@ def read(minimal: false)
@read = true
end

# Given a zone name it will add a new Zone to the current list of defined
# ones just in case it does not exist yet.
#
# @param name [String] zone name
# @return [Boolean] true if the new zone was added; false in case the zone
# was alredy defined
def add_zone(name)
return false if find_zone(name)
zones << Y2Firewall::Firewalld::Zone.new(name: name)
true
end

# Remove the given zone from the list of zones
#
# @param name [String] zone name
# @return [Boolean] true if it was removed; false otherwise
def remove_zone(name)
removed = zones.reject! { |z| z.name == name }
!removed.nil?
end

# Return from the zones list the one which matches the given name
#
# @param name [String] the zone name
@@ -162,7 +183,13 @@ def write_only
# Apply the changes done in each of the modified zones. It will create or
# delete all the new or removed zones depending on each case.
def apply_zones_changes!
zones.select(&:modified?).each(&:apply_changes!)
zones.each do |zone|
api.create_zone(zone.name) unless current_zone_names.include?(zone.name)
zone.apply_changes! if zone.modified?
end
current_zone_names.each do |name|
api.delete_zone(name) if zones.none? { |z| z.name == name }
end
end

# Return a map with current firewalld settings.
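Review bot: The second loop in `apply_zones_changes!` deletes every zone firewalld reports that is missing from the in-memory `zones` list, so absence from that list is treated as intent to delete. If `zones` was never fully populated (the hunk header shows `read(minimal: false)`, which suggests a reduced read mode, though its body is outside this hunk), a write could remove zones nobody asked to remove, and interfaces bound to them would presumably fall back to the default zone's policy. Consider recording removals explicitly in `remove_zone` and deleting only those names, or at least placing a guard such as `return unless @read` before the delete loop. The results of `api.create_zone` and `api.delete_zone` are also discarded here, so a failed call would pass silently; checking them would keep the stored model and the real firewall state from drifting apart.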
98 changes: 98 additions & 0 deletions library/network/src/lib/y2firewall/firewalld/api/zones.rb
@@ -33,6 +33,22 @@ def zones
string_command("--get-zones").split(" ")
end

# Create the given zone in firewalld. New zones must be created
# permanently
#
# @param zone [String] The firewall zone name
def create_zone(zone)
modify_command("--new-zone=#{zone}", permanent: !offline?)
end

# Delete the given zone from firewalld. Deleted zones must be deleted
# permanently
#
# @param zone [String] The firewall zone name to be deleted
def delete_zone(zone)
modify_command("--delete-zone=#{zone}", permanent: !offline?)
end

# @param zone [String] The firewall zone
# @param permanent [Boolean] if true and firewalld is running it
# reads the permanent configuration
@@ -73,6 +89,30 @@ def list_sources(zone, permanent: permanent?)
string_command("--zone=#{zone}", "--list-sources", permanent: permanent).split(" ")
end

# @param zone [String] The firewall zone
# @param permanent [Boolean] if true and firewalld is running it
# reads the permanent configuration
# @return [Array<String>] list of zone's source ports
def list_source_ports(zone, permanent: permanent?)
string_command("--zone=#{zone}", "--list-source-ports", permanent: permanent).split(" ")
end

# @param zone [String] The firewall zone
# @param permanent [Boolean] if true and firewalld is running it
# reads the permanent configuration
# @return [Array<String>] list of zone's forward ports
def list_forward_ports(zone, permanent: permanent?)
string_command("--zone=#{zone}", "--list-forward-ports", permanent: permanent).split("\n")
end

# @param zone [String] The firewall zone
# @param permanent [Boolean] if true and firewalld is running it
# reads the permanent configuration
# @return [Array<String>] list of zone's rich rules
def list_rich_rules(zone, permanent: permanent?)
string_command("--zone=#{zone}", "--list-rich-rules", permanent: permanent).split("\n")
end

# @param zone [String] The firewall zone
# @param permanent [Boolean] if true and firewalld is running it
# reads the permanent configuration
@@ -172,6 +212,64 @@ def change_source(zone, source, permanent: permanent?)
modify_command("--zone=#{zone}", "--change-source=#{source}", permanent: permanent)
end

# @param zone [String] The firewall zone
# @param port [String] The network source port
# @param permanent [Boolean] if true and firewalld is running it
# modifies the permanent configuration
# @return [Boolean] True if the port was added
def add_source_port(zone, port, permanent: permanent?)
modify_command("--zone=#{zone}", "--add-source-port=#{port}", permanent: permanent)
end

# @param zone [String] The firewall zone
# @param port [String] The network source port
# @param permanent [Boolean] if true and firewalld is running it
# modifies the permanent configuration
# @return [Boolean] True if the port was removed
def remove_source_port(zone, port, permanent: permanent?)
modify_command("--zone=#{zone}", "--remove-source-port=#{port}", permanent: permanent)
end

# @param zone [String] The firewall zone
# @param port [String] The network forward port
# @param permanent [Boolean] if true and firewalld is running it
# modifies the permanent configuration
# @return [Boolean] True if the port was added
def add_forward_port(zone, port, permanent: permanent?)
modify_command("--zone=#{zone}", "--add-forward-port=#{port}",
permanent: permanent)
end

# @param zone [String] The firewall zone
# @param port [String] The network source port
# @param permanent [Boolean] if true and firewalld is running it
# modifies the permanent configuration
# @return [Boolean] True if the port was removed
def remove_forward_port(zone, port, permanent: permanent?)
modify_command("--zone=#{zone}", "--remove-forward-port=#{port}",
permanent: permanent)
end

# @param zone [String] The firewall zone
# @param rule [String] The firewalld rule to be added
# @param permanent [Boolean] if true and firewalld is running it
# modifies the permanent configuration
# @return [Boolean] True if the rich rule was added
def add_rich_rule(zone, rule, permanent: permanent?)
modify_command("--zone=#{zone}", "--add-rich-rule=#{rule}",
permanent: permanent)
end

# @param zone [String] The firewall zone
# @param rule [String] The firewalld rich rule to be removed
# @param permanent [Boolean] if true and firewalld is running it
# modifies the permanent configuration
# @return [Boolean] True if the rich rule was removed
def remove_rich_rule(zone, rule, permanent: permanent?)
modify_command("--zone=#{zone}", "--remove-rich-rule=#{rule}",
permanent: permanent)
end

# @param zone [String] The firewall zone
# @param service [String] The firewall service
# @return [Boolean] True if service is enabled in zone
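Review bot: `create_zone`, `delete_zone`, the source/forward-port helpers and `add_rich_rule`/`remove_rich_rule` interpolate their arguments straight into firewall-cmd option strings, with no validation visible in this section. Whether that is safe depends on `modify_command`, which is defined outside these hunks: if it passes an argument array each value stays a single argument, but rich rules normally contain spaces and quotes, so any path that builds a shell string would split or reinterpret them. Zone names and port specifications have a narrow grammar and could be checked before the call, for instance `raise ArgumentError, "invalid zone name" unless zone.match?(/\A[\w\-]+\z/)` (pattern to be adjusted to firewalld's actual naming rules). Separately, the `@param port` text on `remove_forward_port` says "source port" where "forward port" is meant, and `create_zone`/`delete_zone` have no `@return` tag.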
4 changes: 3 additions & 1 deletion library/network/src/lib/y2firewall/firewalld/zone.rb
@@ -30,6 +30,7 @@ class Zone
extend Relations
include Yast::I18n
extend Yast::I18n
include Yast::Logger

textdomain "base"

@@ -47,7 +48,8 @@ class Zone
}.freeze

# @see Y2Firewall::Firewalld::Relations
has_many :services, :interfaces, :protocols, :ports, :sources, cache: true
has_many :services, :interfaces, :protocols, :rich_rules, :sources,
:ports, :source_ports, :forward_ports, cache: true

# @see Y2Firewall::Firewalld::Relations
has_attributes :name, :masquerade, :short, :description, :target, cache: true
6 changes: 1 addition & 5 deletions library/network/test/Makefile.am
@@ -2,11 +2,7 @@ TESTS = \
load_ipv6_cfg_test.rb \
network_interfaces_test.rb \
network_interfaces_helpers_test.rb \
network_service_test.rb \
susefirewall_proposal_test.rb \
susefirewall_services_test.rb \
susefirewall_test.rb \
susefirewalld_test.rb
network_service_test.rb

TEST_EXTENSIONS = .rb
RB_LOG_COMPILER = rspec
109 changes: 0 additions & 109 deletions library/network/test/susefirewall_proposal_test.rb

This file was deleted.
