From c37c84f095d820cbd137a285e263075472934502 Mon Sep 17 00:00:00 2001 |
|
From: Eric Garver <e@erig.me> |
|
Date: Thu, 31 May 2018 14:15:57 -0400 |
|
Subject: [PATCH 4/5] firewall-cmd: add --check-config option |
|
|
|
Fixes: rhbz 1477771 |
|
(cherry picked from commit b071536beb7ef2c91adb79c7769a265fc74ab15f) |
|
--- |
|
doc/xml/firewalld.dbus.xml | 11 +++++++++++ |
|
src/firewall-cmd | 6 +++++- |
|
src/firewall/client.py | 5 +++++ |
|
src/firewall/server/firewalld.py | 11 +++++++++++ |
|
4 files changed, 32 insertions(+), 1 deletion(-) |
|
|
|
diff --git a/doc/xml/firewalld.dbus.xml b/doc/xml/firewalld.dbus.xml |
|
index f02edb173f6e..acdbb5fd6e00 100644 |
|
--- a/doc/xml/firewalld.dbus.xml |
|
+++ b/doc/xml/firewalld.dbus.xml |
|
@@ -347,6 +347,17 @@ |
|
</para> |
|
</listitem> |
|
</varlistentry> |
|
+ <varlistentry id="FirewallD1.Methods.checkPermanentConfig"> |
|
+ <term><methodname>checkPermanentConfig</methodname>() → Nothing</term> |
|
+ <listitem> |
|
+ <para> |
|
+ Run checks on the permanent configuration. This is most useful if changes were made manually to configuration files. |
|
+ </para> |
|
+ <para> |
|
+ Possible errors: any |
|
+ </para> |
|
+ </listitem> |
|
+ </varlistentry> |
|
<varlistentry id="FirewallD1.Methods.setDefaultZone"> |
|
<term><methodname>setDefaultZone</methodname>(s: <parameter>zone</parameter>) → Nothing</term> |
|
<listitem> |
|
diff --git a/src/firewall-cmd b/src/firewall-cmd |
|
index 1a864b32e819..b80115564e1b 100755 |
|
--- a/src/firewall-cmd |
|
+++ b/src/firewall-cmd |
|
@@ -59,6 +59,7 @@ Status Options |
|
--complete-reload Reload firewall and lose state information |
|
--runtime-to-permanent |
|
Create permanent from runtime configuration |
|
+ --check-config Check permanent configuration for errors |
|
|
|
Log Denied Options |
|
--get-log-denied Print the log denied value |
|
@@ -484,6 +485,7 @@ parser_group_standalone.add_argument("--reload", action="store_true") |
|
parser_group_standalone.add_argument("--complete-reload", action="store_true") |
|
parser_group_standalone.add_argument("--runtime-to-permanent", |
|
action="store_true") |
|
+parser_group_standalone.add_argument("--check-config", action="store_true") |
|
parser_group_standalone.add_argument("--get-ipset-types", action="store_true") |
|
parser_group_standalone.add_argument("--get-log-denied", action="store_true") |
|
parser_group_standalone.add_argument("--set-log-denied", metavar="<value>") |
|
@@ -750,7 +752,7 @@ options_standalone = a.help or a.version or \ |
|
a.get_default_zone or a.set_default_zone or \ |
|
a.get_active_zones or a.get_ipset_types or \ |
|
a.get_log_denied or a.set_log_denied or \ |
|
- a.get_automatic_helpers or a.set_automatic_helpers |
|
+ a.get_automatic_helpers or a.set_automatic_helpers or a.check_config |
|
|
|
options_desc_xml_file = a.set_description or a.get_description or \ |
|
a.set_short or a.get_short |
|
@@ -2039,6 +2041,8 @@ elif a.complete_reload: |
|
fw.complete_reload() |
|
elif a.runtime_to_permanent: |
|
fw.runtimeToPermanent() |
|
+elif a.check_config: |
|
+ fw.checkPermanentConfig() |
|
elif a.direct: |
|
if a.passthrough: |
|
if len(a.passthrough) < 2: |
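Review bot: The new `elif a.check_config:` branch only calls `fw.checkPermanentConfig()`, so the sole failure signal is whatever exception that call raises, and how it becomes an exit status is decided outside this hunk (the `elif` chain starts before it and continues after it). The D-Bus documentation added in this patch describes the check as most useful after manual edits to configuration files, so scripts are likely to gate on the exit code. It is worth confirming that a failed check exits non-zero and recording that next to the call, e.g. `# a failed check raises here; firewall-cmd must exit non-zero`. The check also goes through the `fw` object rather than reading the files directly, so it presumably needs a reachable daemon and an authorized caller; the help line `Check permanent configuration for errors` could say so.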
|
diff --git a/src/firewall/client.py b/src/firewall/client.py |
|
index f90bbd78eb73..da45ceb5b964 100644 |
|
--- a/src/firewall/client.py |
|
+++ b/src/firewall/client.py |
|
@@ -2760,6 +2760,11 @@ class FirewallClient(object): |
|
def runtimeToPermanent(self): |
|
self.fw.runtimeToPermanent() |
|
|
|
+ @slip.dbus.polkit.enable_proxy |
|
+ @handle_exceptions |
|
+ def checkPermanentConfig(self): |
|
+ self.fw.checkPermanentConfig() |
|
+ |
|
@slip.dbus.polkit.enable_proxy |
|
@handle_exceptions |
|
def get_property(self, prop): |
|
diff --git a/src/firewall/server/firewalld.py b/src/firewall/server/firewalld.py |
|
index fc7422f12261..2cecc4771cb0 100644 |
|
--- a/src/firewall/server/firewalld.py |
|
+++ b/src/firewall/server/firewalld.py |
|
@@ -42,6 +42,7 @@ from firewall.dbus_utils import dbus_to_python, \ |
|
command_of_sender, context_of_sender, uid_of_sender, user_of_uid, \ |
|
dbus_introspection_prepare_properties, \ |
|
dbus_introspection_add_properties |
|
+from firewall.core.io.functions import check_config |
|
from firewall.core.io.zone import Zone |
|
from firewall.core.io.ipset import IPSet |
|
from firewall.core.io.service import Service |
|
@@ -336,6 +337,16 @@ class FirewallD(slip.dbus.service.Object): |
|
def Reloaded(self): |
|
log.debug1("Reloaded()") |
|
|
|
+ @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) |
|
+ @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', |
|
+ out_signature='') |
|
+ @dbus_handle_exceptions |
|
+ def checkPermanentConfig(self, sender=None): # pylint: disable=W0613 |
|
+ """Check permanent configuration |
|
+ """ |
|
+ log.debug1("checkPermanentConfig()") |
|
+ check_config(self.fw) |
|
+ |
|
# runtime to permanent |
|
|
|
@slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) |
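Review bot: `checkPermanentConfig` is gated with `require_auth(config.dbus.PK_ACTION_CONFIG)`, the same action as the method that follows `# runtime to permanent`, although the check itself looks read-only, and the two-line docstring does not say whether that is deliberate. Error text from `check_config(self.fw)` reaches the caller through `dbus_handle_exceptions` and may quote parts of the permanent configuration, which would be a good reason to keep the stricter action. I would expand the docstring to state what is checked, that failures are raised as D-Bus errors rather than returned (the signature is `out_signature=''`), and why the config action is required. Whether `check_config` only reads or also changes state on the live `self.fw` object cannot be seen from this hunk and is worth confirming.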
|
-- |
|
2.16.3 |
|
|
|
|