| blob | 3bc69da6cb87b6924088b62c628f62d94a75edd2 |
1 #!/usr/bin/python3
2 import optparse
3 import os, sys, re
4 import pickle
5 try:
6 from firewall.core.rich import Rich_Rule
7 except ImportError:
8 Rich_Rule = None
10 sys.path.insert(0, "bin/python")
12 if __name__ == "__main__":
13 parser = optparse.OptionParser('firewall-cmd [options]')
14 parser.add_option('--list-interfaces', default=False, action="store_true")
15 parser.add_option('--permanent', default=False, action="store_true")
16 parser.add_option('--new-zone')
17 parser.add_option('--get-zones', default=False, action="store_true")
18 parser.add_option('--delete-zone')
19 parser.add_option('--zone')
20 parser.add_option('--add-interface')
21 parser.add_option('--add-rich-rule')
22 parser.add_option('--remove-rich-rule')
23 parser.add_option('--list-rich-rules', default=False, action="store_true")
25 (opts, args) = parser.parse_args()
27 # Use a dir we can write to in the testenv
28 if 'LOCAL_PATH' in os.environ:
29 data_dir = os.path.realpath(os.environ.get('LOCAL_PATH'))
30 else:
31 data_dir = os.path.dirname(os.path.realpath(__file__))
32 dump_file = os.path.join(data_dir, 'firewall-cmd.dump')
33 if os.path.exists(dump_file):
34 with open(dump_file, 'rb') as r:
35 data = pickle.load(r)
36 else:
37 data = {}
39 if opts.list_interfaces:
40 if not opts.zone: # default zone dummy interface
41 print('eth0')
42 else:
43 assert 'zone_interfaces' in data
44 assert opts.zone in data['zone_interfaces'].keys()
45 for interface in data['zone_interfaces'][opts.zone]:
46 sys.stdout.write('%s ' % interface)
47 print()
48 elif opts.new_zone:
49 if 'zones' not in data:
50 data['zones'] = []
51 if opts.new_zone not in data['zones']:
52 data['zones'].append(opts.new_zone)
53 elif opts.get_zones:
54 if 'zones' in data:
55 for zone in data['zones']:
56 sys.stdout.write('%s ' % zone)
57 print()
58 elif opts.delete_zone:
59 assert 'zones' in data
60 assert opts.delete_zone in data['zones']
61 data['zones'].remove(opts.delete_zone)
62 if len(data['zones']) == 0:
63 del data['zones']
64 if 'zone_interfaces' in data and opts.zone in data['zone_interfaces'].keys():
65 del data['zone_interfaces'][opts.zone]
66 elif opts.add_interface:
67 assert opts.zone
68 assert 'zones' in data
69 assert opts.zone in data['zones']
70 if 'zone_interfaces' not in data:
71 data['zone_interfaces'] = {}
72 if opts.zone not in data['zone_interfaces'].keys():
73 data['zone_interfaces'][opts.zone] = []
74 if opts.add_interface not in data['zone_interfaces'][opts.zone]:
75 data['zone_interfaces'][opts.zone].append(opts.add_interface)
76 elif opts.add_rich_rule:
77 assert opts.zone
78 if 'rules' not in data:
79 data['rules'] = {}
80 if opts.zone not in data['rules']:
81 data['rules'][opts.zone] = []
82 # Test rule parsing if firewalld is installed
83 if Rich_Rule:
84 # Parsing failure will throw an exception
85 rule = str(Rich_Rule(rule_str=opts.add_rich_rule))
86 else:
87 rule = opts.add_rich_rule
88 if rule not in data['rules'][opts.zone]:
89 data['rules'][opts.zone].append(rule)
90 elif opts.remove_rich_rule:
91 assert opts.zone
92 assert 'rules' in data
93 assert opts.zone in data['rules'].keys()
94 if Rich_Rule:
95 rich_rule = str(Rich_Rule(rule_str=opts.remove_rich_rule))
96 assert rich_rule in data['rules'][opts.zone]
97 data['rules'][opts.zone].remove(rich_rule)
98 else:
99 assert opts.remove_rich_rule in data['rules'][opts.zone]
100 data['rules'][opts.zone].remove(opts.remove_rich_rule)
101 elif opts.list_rich_rules:
102 assert opts.zone
103 assert 'rules' in data
104 assert opts.zone in data['rules'].keys()
105 for rule in data['rules'][opts.zone]:
106 print(rule)
108 if opts.permanent:
109 if data == {}:
110 if os.path.exists(dump_file):
111 os.unlink(dump_file)
112 else:
113 with open(dump_file, 'wb') as w:
114 pickle.dump(data, w)