From 9b8de9ce33e671a89ea8fd0b6e9c391c0b779726 Mon Sep 17 00:00:00 2001 From: Eric Garver Date: Wed, 23 May 2018 14:35:10 -0400 Subject: [PATCH 3/5] firewall-offline-cmd: add --check-config option (cherry picked from commit 749e64b74cff231585667417b37ff4f60af65dc0) --- src/firewall-offline-cmd | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/src/firewall-offline-cmd b/src/firewall-offline-cmd index 7f7c10739f77..13ecfadf4080 100755 --- a/src/firewall-offline-cmd +++ b/src/firewall-offline-cmd @@ -35,6 +35,7 @@ from firewall.errors import FirewallError from firewall import config from firewall.core.fw_test import Firewall_test from firewall.functions import joinArgs, splitArgs +from firewall.core.io.functions import check_config from firewall.core.io.zone import zone_reader from firewall.core.io.service import service_reader from firewall.core.io.ipset import ipset_reader @@ -62,6 +63,7 @@ General Options -q, --quiet Do not print status messages --system-config Path to firewalld system configuration --default-config Path to firewalld default configuration + --check-config Check system and default configuration Lokkit Compatibility Options --migrate-system-config-firewall= @@ -532,6 +534,7 @@ parser_group_lokkit.add_argument("--block-icmp", metavar="", action='a parser.add_argument("--system-config", metavar="path") parser.add_argument("--default-config", metavar="path") +parser.add_argument("--check-config", action="store_true") parser_group_standalone = parser.add_mutually_exclusive_group() parser_group_standalone.add_argument("-h", "--help", @@ -970,7 +973,8 @@ cmd.set_verbose(a.verbose) if not (options_standalone or options_ipset or \ options_lokkit or \ options_icmptype or options_service or options_helper or \ - options_permanent or options_direct or options_desc_xml_file): + options_permanent or options_direct or options_desc_xml_file or \ + a.check_config): cmd.fail(parser.format_usage() + "No option specified.") if options_lokkit and (options_standalone or \ @@ -1035,6 +1039,16 @@ if a.system_config: config.set_system_config_paths(a.system_config) if a.default_config: config.set_default_config_paths(a.default_config) +if a.check_config: + try: + fw = Firewall_test() + fw.start() + check_config(fw) + except FirewallError as error: + cmd.print_and_exit("Configuration error: %s" % error, error.code) + except Exception as msg: + cmd.fail("Configuration error: %s" % msg) + sys.exit(0) zone = a.zone fw = Firewall_test() -- 2.16.3