From 2342548148763cca0579da98ed0a682d22beb49d Mon Sep 17 00:00:00 2001 |
|
From: Eric Garver <e@erig.me> |
|
Date: Fri, 1 Jun 2018 09:37:34 -0400 |
|
Subject: [PATCH 2/5] firewall/core/io/functions: add check_config() |
|
|
|
This is a utility function to run checks on all the configuration files. |
|
|
|
(cherry picked from commit 4164148b88f1882eabde4eeb4cc9a45506aff0fa) |
|
--- |
|
po/POTFILES.in | 1 + |
|
src/Makefile.am | 1 + |
|
src/firewall/core/io/functions.py | 84 +++++++++++++++++++++++++++++++++++++++ |
|
3 files changed, 86 insertions(+) |
|
create mode 100644 src/firewall/core/io/functions.py |
|
|
|
diff --git a/po/POTFILES.in b/po/POTFILES.in |
|
index 12cdbf2c6929..2332f8acc4eb 100644 |
|
--- a/po/POTFILES.in |
|
+++ b/po/POTFILES.in |
|
@@ -70,6 +70,7 @@ src/firewall/core/prog.py |
|
src/firewall/core/watcher.py |
|
src/firewall/core/io/__init__.py |
|
src/firewall/core/io/firewalld_conf.py |
|
+src/firewall/core/io/functions.py |
|
src/firewall/core/io/icmptype.py |
|
src/firewall/core/io/io_object.py |
|
src/firewall/core/io/service.py |
|
diff --git a/src/Makefile.am b/src/Makefile.am |
|
index b249c2e5fd46..b44ae0c1eca4 100644 |
|
--- a/src/Makefile.am |
|
+++ b/src/Makefile.am |
|
@@ -34,6 +34,7 @@ nobase_dist_python_DATA = \ |
|
firewall/core/__init__.py \ |
|
firewall/core/io/direct.py \ |
|
firewall/core/io/firewalld_conf.py \ |
|
+ firewall/core/io/functions.py \ |
|
firewall/core/io/helper.py \ |
|
firewall/core/io/icmptype.py \ |
|
firewall/core/io/ifcfg.py \ |
|
diff --git a/src/firewall/core/io/functions.py b/src/firewall/core/io/functions.py |
|
new file mode 100644 |
|
index 000000000000..7509a5390e12 |
|
--- /dev/null |
|
+++ b/src/firewall/core/io/functions.py |
|
@@ -0,0 +1,84 @@ |
|
+# -*- coding: utf-8 -*- |
|
+# |
|
+# Copyright (C) 2018 Red Hat, Inc. |
|
+# |
|
+# Authors: |
|
+# Eric Garver <egarver@redhat.com> |
|
+# |
|
+# This program is free software; you can redistribute it and/or modify |
|
+# it under the terms of the GNU General Public License as published by |
|
+# the Free Software Foundation; either version 2 of the License, or |
|
+# (at your option) any later version. |
|
+# |
|
+# This program is distributed in the hope that it will be useful, |
|
+# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
+# GNU General Public License for more details. |
|
+# |
|
+# You should have received a copy of the GNU General Public License |
|
+# along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
+# |
|
+ |
|
+import os |
|
+ |
|
+from firewall import config |
|
+from firewall.errors import FirewallError |
|
+ |
|
+from firewall.core.io.zone import zone_reader |
|
+from firewall.core.io.service import service_reader |
|
+from firewall.core.io.ipset import ipset_reader |
|
+from firewall.core.io.icmptype import icmptype_reader |
|
+from firewall.core.io.helper import helper_reader |
|
+from firewall.core.io.direct import Direct |
|
+from firewall.core.io.lockdown_whitelist import LockdownWhitelist |
|
+from firewall.core.io.firewalld_conf import firewalld_conf |
|
+ |
|
+def check_config(fw=None): |
|
+ readers = { |
|
+ "ipset" : (ipset_reader, [config.FIREWALLD_IPSETS, config.ETC_FIREWALLD_IPSETS]), |
|
+ "helper" : (helper_reader, [config.FIREWALLD_HELPERS, config.ETC_FIREWALLD_HELPERS]), |
|
+ "icmptype" : (icmptype_reader, [config.FIREWALLD_ICMPTYPES, config.ETC_FIREWALLD_ICMPTYPES]), |
|
+ "service" : (service_reader, [config.FIREWALLD_SERVICES, config.ETC_FIREWALLD_SERVICES]), |
|
+ "zone" : (zone_reader, [config.FIREWALLD_ZONES, config.ETC_FIREWALLD_ZONES]), |
|
+ } |
|
+ for reader in readers.keys(): |
|
+ for dir in readers[reader][1]: |
|
+ if not os.path.isdir(dir): |
|
+ continue |
|
+ for file in sorted(os.listdir(dir)): |
|
+ if file.endswith(".xml"): |
|
+ try: |
|
+ obj = readers[reader][0](file, dir) |
|
+ if fw and reader == "zone": |
|
+ obj.fw_config = fw.config |
|
+ obj.check_config(obj.export_config()) |
|
+ except FirewallError as error: |
|
+ raise FirewallError(error.code, "'%s': %s" % (file, error.msg)) |
|
+ except Exception as msg: |
|
+ raise Exception("'%s': %s" % (file, msg)) |
|
+ if os.path.isfile(config.FIREWALLD_DIRECT): |
|
+ try: |
|
+ obj = Direct(config.FIREWALLD_DIRECT) |
|
+ obj.read() |
|
+ obj.check_config(obj.export_config()) |
|
+ except FirewallError as error: |
|
+ raise FirewallError(error.code, "'%s': %s" % (config.FIREWALLD_DIRECT, error.msg)) |
|
+ except Exception as msg: |
|
+ raise Exception("'%s': %s" % (config.FIREWALLD_DIRECT, msg)) |
|
+ if os.path.isfile(config.LOCKDOWN_WHITELIST): |
|
+ try: |
|
+ obj = LockdownWhitelist(config.LOCKDOWN_WHITELIST) |
|
+ obj.read() |
|
+ obj.check_config(obj.export_config()) |
|
+ except FirewallError as error: |
|
+ raise FirewallError(error.code, "'%s': %s" % (config.LOCKDOWN_WHITELIST, error.msg)) |
|
+ except Exception as msg: |
|
+ raise Exception("'%s': %s" % (config.LOCKDOWN_WHITELIST, msg)) |
|
+ if os.path.isfile(config.FIREWALLD_CONF): |
|
+ try: |
|
+ obj = firewalld_conf(config.FIREWALLD_CONF) |
|
+ obj.read() |
|
+ except FirewallError as error: |
|
+ raise FirewallError(error.code, "'%s': %s" % (config.FIREWALLD_CONF, error.msg)) |
|
+ except Exception as msg: |
|
+ raise Exception("'%s': %s" % (config.FIREWALLD_CONF, msg)) |
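Review bot: The two `raise` lines inside the XML loop report only the bare filename (`"'%s': %s" % (file, ...)`), while the Direct, LockdownWhitelist and firewalld_conf branches below report the full path; since each reader scans both a distribution directory and an /etc directory, a failure in e.g. `public.xml` cannot be located from the message. Binding the path once, `path = os.path.join(dir, file)` before the `try`, and using `path` in both `raise` lines gives the same information as the other branches. The loop also shadows the builtins `dir` and `file` and indexes `readers[reader][0]`/`[1]` after iterating `readers.keys()`; `for name, (reader, dirs) in readers.items():` would read more clearly. Re-wrapping arbitrary exceptions in a plain `Exception` drops the original type for callers, though it looks like the module still targets Python 2, so explicit chaining with `from` may not be an option here.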
|
-- |
|
2.16.3 |
|
|
|
|