File: //usr/bin/firewallctl
#!/usr/bin/python3 -Es
# -*- coding: utf-8 -*-
#
# Copyright (C) 2009-2016 Red Hat, Inc.
#
# Authors:
# Thomas Woerner <[email protected]>
# Jiri Popelka <[email protected]>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
from gi.repository import GObject
import sys
sys.modules['gobject'] = GObject
import argparse
import os
from firewall.client import FirewallClient, FirewallClientIPSetSettings, \
FirewallClientZoneSettings, FirewallClientServiceSettings, \
FirewallClientHelperSettings, FirewallClientIcmpTypeSettings
from firewall.errors import FirewallError
from firewall import errors
from firewall.functions import joinArgs, splitArgs
from firewall.core.fw_nm import nm_is_imported, \
nm_get_connection_of_interface, nm_get_zone_of_connection, \
nm_set_zone_of_connection
from firewall.core.io.zone import zone_reader
from firewall.core.io.service import service_reader
from firewall.core.io.ipset import ipset_reader
from firewall.core.io.helper import helper_reader
from firewall.core.io.icmptype import icmptype_reader
from firewall.command import FirewallCommand
#
def try_set_zone_of_interface(_zone, interface):
if nm_is_imported():
try:
connection = nm_get_connection_of_interface(interface)
except Exception:
pass
else:
if connection is not None:
if _zone == nm_get_zone_of_connection(connection):
if _zone == "":
cmd.print_warning("The interface is under control of "
"NetworkManager and already bound to "
"the default zone")
else:
cmd.print_warning("The interface is under control of "
"NetworkManager and already bound "
"to '%s'" % _zone)
if _zone == "":
cmd.print_msg("The interface is under control of "
"NetworkManager, setting zone to default.")
else:
cmd.print_msg("The interface is under control of "
"NetworkManager, setting zone "
"to '%s'." % _zone)
nm_set_zone_of_connection(_zone, connection)
return True
return False
#
parser = argparse.ArgumentParser(
description="firewall command line control utility")
subparsers = parser.add_subparsers()
# output
grp_output = parser.add_mutually_exclusive_group()
grp_output.add_argument("-v", "--verbose", action="store_true")
grp_output.add_argument("-q", "--quiet", action="store_true")
# version
grp_version = subparsers.add_parser("version", help="Show firewall version")
grp_version.set_defaults(parser="version")
# state
grp_state = subparsers.add_parser("state", help="Get firewalld state")
grp_state.set_defaults(parser="state")
# reload
grp_reload = subparsers.add_parser("reload", help="Reload firewalld")
grp_reload.set_defaults(parser="reload")
grp_reload.add_argument("-c", "--complete", action="store_true")
# runtime_to_permanent
grp_runtime_to_permanent = subparsers.add_parser(
"runtime-to-permanent", help="Save run-time as permanent configuration")
grp_runtime_to_permanent.set_defaults(parser="runtime-to-permanent")
#############################################################################
# list
grp_list = subparsers.add_parser(
"list", help="List zones, services ipsets, helpers or icmptypes")
grp_list.set_defaults(parser="list")
grp_list_subparsers = grp_list.add_subparsers(help="Commands")
grp_list_zones = grp_list_subparsers.add_parser("zones", help="List zones")
grp_list_zones.set_defaults(list="zones")
group = grp_list_zones.add_mutually_exclusive_group()
group.add_argument("-a", "--active", action="store_true")
group.add_argument("-p", "--permanent", action="store_true")
grp_list_services = grp_list_subparsers.add_parser(
"services", help="List services")
grp_list_services.set_defaults(list="services")
grp_list_services.add_argument("-p", "--permanent", action="store_true")
grp_list_ipsets = grp_list_subparsers.add_parser("ipsets", help="List ipsets")
grp_list_ipsets.set_defaults(list="ipsets")
grp_list_ipsets.add_argument("-p", "--permanent", action="store_true")
grp_list_helpers = grp_list_subparsers.add_parser(
"helpers", help="List helpers")
grp_list_helpers.set_defaults(list="helpers")
grp_list_helpers.add_argument("-p", "--permanent", action="store_true")
grp_list_icmptypes = grp_list_subparsers.add_parser(
"icmptypes", help="List icmptypes")
grp_list_icmptypes.set_defaults(list="icmptypes")
grp_list_icmptypes.add_argument("-p", "--permanent", action="store_true")
#############################################################################
# info
grp_info = subparsers.add_parser(
"info", help="Info about a zone, service, ipset, helper or icmptype")
grp_info.set_defaults(parser="info")
grp_info_subparsers = grp_info.add_subparsers(help="Commands")
grp_info_zone = grp_info_subparsers.add_parser("zone", help="Info about a zone")
grp_info_zone.set_defaults(info="zone")
grp_info_zone.add_argument("zone", action="store", metavar="<zone>")
grp_info_zone.add_argument("-p", "--permanent", action="store_true")
grp_info_zones = grp_info_subparsers.add_parser(
"zones", help="Info about all zones")
grp_info_zones.set_defaults(info="zones")
group = grp_info_zones.add_mutually_exclusive_group()
group.add_argument("-a", "--active", action="store_true")
group.add_argument("-p", "--permanent", action="store_true")
grp_info_service = grp_info_subparsers.add_parser(
"service", help="Info about a service")
grp_info_service.set_defaults(info="service")
grp_info_service.add_argument("service", action="store", metavar="<service>")
grp_info_service.add_argument("-p", "--permanent", action="store_true")
grp_info_services = grp_info_subparsers.add_parser(
"services", help="Info about all services")
grp_info_services.set_defaults(info="services")
grp_info_services.add_argument("-p", "--permanent", action="store_true")
grp_info_ipset = grp_info_subparsers.add_parser(
"ipset", help="Info about ipsets")
grp_info_ipset.set_defaults(info="ipset")
grp_info_ipset.add_argument("ipset", action="store", metavar="<ipset>")
grp_info_ipset.add_argument("-p", "--permanent", action="store_true")
grp_info_ipsets = grp_info_subparsers.add_parser(
"ipsets", help="Info about all ipsets")
grp_info_ipsets.set_defaults(info="ipsets")
grp_info_ipsets.add_argument("-p", "--permanent", action="store_true")
grp_info_helper = grp_info_subparsers.add_parser(
"helper", help="Info about a helper")
grp_info_helper.set_defaults(info="helper")
grp_info_helper.add_argument("helper", action="store", metavar="<helper>")
grp_info_helper.add_argument("-p", "--permanent", action="store_true")
grp_info_helpers = grp_info_subparsers.add_parser(
"helpers", help="Info about all helpers")
grp_info_helpers.set_defaults(info="helpers")
grp_info_helpers.add_argument("-p", "--permanent", action="store_true")
grp_info_icmptype = grp_info_subparsers.add_parser(
"icmptype", help="Info about a icmptype")
grp_info_icmptype.set_defaults(info="icmptype")
grp_info_icmptype.add_argument("icmptype", action="store", metavar="<icmptype>")
grp_info_icmptype.add_argument("-p", "--permanent", action="store_true")
grp_info_icmptypes = grp_info_subparsers.add_parser(
"icmptypes", help="Info about all icmptypes")
grp_info_icmptypes.set_defaults(info="icmptypes")
grp_info_icmptypes.add_argument("-p", "--permanent", action="store_true")
#############################################################################
# zone
grp_zone = subparsers.add_parser("zone", help="Zone commands")
grp_zone.set_defaults(parser="zone")
grp_zone.add_argument("zone", type=str, action="store", metavar="<zone>")
grp_zone.add_argument("-p", "--permanent", action="store_true")
zone_subparsers = grp_zone.add_subparsers(help="Zone Commands")
# zone.load_defaults
grp_zone_load_defaults = zone_subparsers.add_parser(
"load-defaults", help="Load defaults")
grp_zone_load_defaults.set_defaults(action="load-defaults")
# zone.add
grp_zone_add = zone_subparsers.add_parser("add", help="Add commands")
grp_zone_add.set_defaults(action="add")
zone_add_subparsers = grp_zone_add.add_subparsers()
# zone.add.interface
grp_zone_add_interface = zone_add_subparsers.add_parser(
"interface", help="Add interface")
grp_zone_add_interface.set_defaults(item="interface", required=True)
grp_zone_add_interface.add_argument("interface", metavar="<interface>",
nargs="+")
# zone.add.source
grp_zone_add_source = zone_add_subparsers.add_parser("source",
help="Add source")
grp_zone_add_source.set_defaults(item="source", required=True)
grp_zone_add_source.add_argument("source", metavar="<source>", nargs="+")
# zone.add.service
grp_zone_add_service = zone_add_subparsers.add_parser("service",
help="Add service")
grp_zone_add_service.set_defaults(item="service", required=True)
grp_zone_add_service.add_argument("service", metavar="<service>", nargs="+")
grp_zone_add_service.add_argument("-t", "--timeout", type=int, default=0,
metavar="<seconds>")
# zone.add.port
grp_zone_add_port = zone_add_subparsers.add_parser("port", help="Add port")
grp_zone_add_port.set_defaults(item="port")
grp_zone_add_port.add_argument("port", metavar="<port>", nargs="+")
grp_zone_add_port.add_argument("-t", "--timeout", type=int, default=0,
metavar="<seconds>")
# zone.add.protocol
grp_zone_add_protocol = zone_add_subparsers.add_parser("protocol",
help="Add protocol")
grp_zone_add_protocol.set_defaults(item="protocol")
grp_zone_add_protocol.add_argument("protocol", metavar="<protocol>", nargs="+")
grp_zone_add_protocol.add_argument("-t", "--timeout", type=int, default=0,
metavar="<seconds>")
# zone.add.source-port
grp_zone_add_source_port = zone_add_subparsers.add_parser(
"source-port", help="Add source port")
grp_zone_add_source_port.set_defaults(item="source-port")
grp_zone_add_source_port.add_argument("port", metavar="<source-port>",
nargs="+")
grp_zone_add_source_port.add_argument("-t", "--timeout", type=int, default=0,
metavar="<seconds>")
# zone.add.rich-rule
grp_zone_add_rich_rule = zone_add_subparsers.add_parser("rich-rule",
help="Add rich rule")
grp_zone_add_rich_rule.set_defaults(item="rich-rule", required=True)
grp_zone_add_rich_rule.add_argument("rich_rule", metavar="<rich-rule>",
nargs="+")
grp_zone_add_rich_rule.add_argument("-t", "--timeout", type=int, default=0,
metavar="<seconds>")
# zone.add.masquerade
grp_zone_add_masquerade = zone_add_subparsers.add_parser("masquerade",
help="Add masquerade")
grp_zone_add_masquerade.set_defaults(item="masquerade", required=True)
grp_zone_add_masquerade.add_argument("-t", "--timeout", type=int, default=0,
metavar="<seconds>")
# zone.add.forward-port
grp_zone_add_forward_port = zone_add_subparsers.add_parser(
"forward-port", help="Add forward-port")
grp_zone_add_forward_port.set_defaults(item="forward-port")
grp_zone_add_forward_port.add_argument("forward_port",
metavar="<forward-port>", nargs="+")
grp_zone_add_forward_port.add_argument("-t", "--timeout", type=int, default=0,
metavar="<seconds>")
# zone.add.icmp-block
grp_zone_add_icmp_block = zone_add_subparsers.add_parser("icmp-block",
help="Add icmp-block")
grp_zone_add_icmp_block.set_defaults(item="icmp-block", required=True)
grp_zone_add_icmp_block.add_argument("icmp_block", metavar="<icmp-block>",
nargs="+")
grp_zone_add_icmp_block.add_argument("-t", "--timeout", type=int, default=0,
metavar="<seconds>")
# zone.add.icmp-block-inversion
grp_zone_add_icmp_block_inversion = zone_add_subparsers.add_parser(
"icmp-block-inversion", help="Add icmp-block-inversion")
grp_zone_add_icmp_block_inversion.set_defaults(item="icmp-block-inversion",
required=True)
# zone.get
grp_zone_get = zone_subparsers.add_parser("get", help="Get commands")
grp_zone_get.set_defaults(action="get")
zone_get_subparsers = grp_zone_get.add_subparsers()
# zone.get.description
grp_zone_get_description = zone_get_subparsers.add_parser(
"description", help="Get description")
grp_zone_get_description.set_defaults(item="description")
# zone.get.short
grp_zone_get_short = zone_get_subparsers.add_parser(
"short", help="Get short")
grp_zone_get_short.set_defaults(item="short")
# zone.set
grp_zone_set = zone_subparsers.add_parser("set", help="Set commands")
grp_zone_set.set_defaults(action="set")
zone_set_subparsers = grp_zone_set.add_subparsers()
# zone.set.description
grp_zone_set_description = zone_set_subparsers.add_parser(
"description", help="Set description")
grp_zone_set_description.set_defaults(item="description")
grp_zone_set_description.add_argument("description", metavar="<description>")
# zone.set.short
grp_zone_set_short = zone_set_subparsers.add_parser(
"short", help="Set short")
grp_zone_set_short.set_defaults(item="short")
grp_zone_set_short.add_argument("short", metavar="<short>")
# zone.remove
grp_zone_remove = zone_subparsers.add_parser("remove", help="Remove commands")
grp_zone_remove.set_defaults(action="remove")
zone_remove_subparsers = grp_zone_remove.add_subparsers()
# zone.remove.interface
grp_zone_remove_interface = zone_remove_subparsers.add_parser(
"interface", help="Remove interface")
grp_zone_remove_interface.set_defaults(item="interface")
grp_zone_remove_interface.add_argument("interface", metavar="<interface>",
nargs="+")
# zone.remove.source
grp_zone_remove_source = zone_remove_subparsers.add_parser("source",
help="Remove source")
grp_zone_remove_source.set_defaults(item="source")
grp_zone_remove_source.add_argument("source", metavar="<source>", nargs="+")
# zone.remove.service
grp_zone_remove_service = zone_remove_subparsers.add_parser(
"service", help="Remove service")
grp_zone_remove_service.set_defaults(item="service")
grp_zone_remove_service.add_argument("service", metavar="<service>", nargs="+")
# zone.remove.port
grp_zone_remove_port = zone_remove_subparsers.add_parser("port",
help="Remove port")
grp_zone_remove_port.set_defaults(item="port")
grp_zone_remove_port.add_argument("port", metavar="<port>", nargs="+")
# zone.remove.protocol
grp_zone_remove_protocol = zone_remove_subparsers.add_parser(
"protocol", help="Remove protocol")
grp_zone_remove_protocol.set_defaults(item="protocol")
grp_zone_remove_protocol.add_argument("protocol", metavar="<protocol>",
nargs="+")
# zone.remove.source-port
grp_zone_remove_source_port = zone_remove_subparsers.add_parser(
"source-port", help="Remove source port")
grp_zone_remove_source_port.set_defaults(item="source-port")
grp_zone_remove_source_port.add_argument("port", metavar="<source-port>",
nargs="+")
# zone.remove.rich-rule
grp_zone_remove_rich_rule = zone_remove_subparsers.add_parser(
"rich-rule", help="Remove rich rule")
grp_zone_remove_rich_rule.set_defaults(item="rich-rule", required=True)
grp_zone_remove_rich_rule.add_argument("rich_rule", metavar="<rich-rule>",
nargs="+")
# zone.remove.masquerade
grp_zone_remove_masquerade = zone_remove_subparsers.add_parser(
"masquerade", help="Add masquerade")
grp_zone_remove_masquerade.set_defaults(item="masquerade", required=True)
# zone.remove.forward-port
grp_zone_remove_forward_port = zone_remove_subparsers.add_parser(
"forward-port", help="Remove forward port")
grp_zone_remove_forward_port.set_defaults(item="forward-port")
grp_zone_remove_forward_port.add_argument("forward_port",
metavar="<forward-port>", nargs="+")
# zone.remove.icmp-block
grp_zone_remove_icmp_block = zone_remove_subparsers.add_parser(
"icmp-block", help="Remove icmp block")
grp_zone_remove_icmp_block.set_defaults(item="icmp-block")
grp_zone_remove_icmp_block.add_argument("icmp_block", metavar="<icmp-block>",
nargs="+")
# zone.remove.icmp-block-inversion
grp_zone_remove_icmp_block_inversion = zone_remove_subparsers.add_parser(
"icmp-block-inversion", help="Remove icmp block inversion")
grp_zone_remove_icmp_block_inversion.set_defaults(item="icmp-block-inversion")
# zone.query
grp_zone_query = zone_subparsers.add_parser("query", help="Query commands")
grp_zone_query.set_defaults(action="query")
zone_query_subparsers = grp_zone_query.add_subparsers()
# zone.query.interface
grp_zone_query_interface = zone_query_subparsers.add_parser(
"interface", help="Query interface")
grp_zone_query_interface.set_defaults(item="interface")
grp_zone_query_interface.add_argument("interface", metavar="<interface>",
nargs="+")
# zone.query.source
grp_zone_query_source = zone_query_subparsers.add_parser("source",
help="Query source")
grp_zone_query_source.set_defaults(item="source")
grp_zone_query_source.add_argument("source", metavar="<source>", nargs="+")
# zone.query.service
grp_zone_query_service = zone_query_subparsers.add_parser("service",
help="Query service")
grp_zone_query_service.set_defaults(item="service")
grp_zone_query_service.add_argument("service", metavar="<service>", nargs="+")
# zone.query.port
grp_zone_query_port = zone_query_subparsers.add_parser("port",
help="Query port")
grp_zone_query_port.set_defaults(item="port")
grp_zone_query_port.add_argument("port", metavar="<port>", nargs="+")
# zone.query.protocol
grp_zone_query_protocol = zone_query_subparsers.add_parser(
"protocol", help="Query protocol")
grp_zone_query_protocol.set_defaults(item="protocol")
grp_zone_query_protocol.add_argument("protocol", metavar="<protocol>",
nargs="+")
# zone.query.source-port
grp_zone_query_source_port = zone_query_subparsers.add_parser(
"source-port", help="Query source port")
grp_zone_query_source_port.set_defaults(item="source-port")
grp_zone_query_source_port.add_argument("port", metavar="<source-port>",
nargs="+")
# zone.query.rich-rule
grp_zone_query_rich_rule = zone_query_subparsers.add_parser(
"rich-rule", help="Query rich rule")
grp_zone_query_rich_rule.set_defaults(item="rich-rule")
grp_zone_query_rich_rule.add_argument("rich_rule", metavar="<rich-rule>",
nargs="+")
# zone.query.masquerade
grp_zone_query_masquerade = zone_query_subparsers.add_parser(
"masquerade", help="Query masquerade")
grp_zone_query_masquerade.set_defaults(item="masquerade")
# zone.query.forward-port
grp_zone_query_forward_port = zone_query_subparsers.add_parser(
"forward-port", help="Query forward port")
grp_zone_query_forward_port.set_defaults(item="forward-port")
grp_zone_query_forward_port.add_argument("forward_port",
metavar="<forward-port>", nargs="+")
# zone.query.icmp-block
grp_zone_query_icmp_block = zone_query_subparsers.add_parser(
"icmp-block", help="Query icmp block")
grp_zone_query_icmp_block.set_defaults(item="icmp-block")
grp_zone_query_icmp_block.add_argument("icmp_block", metavar="<icmp-block>",
nargs="+")
# zone.query.icmp-block-inversion
grp_zone_query_icmp_block_inversion = zone_query_subparsers.add_parser(
"icmp-block-inversion", help="Query icmp block inversion")
grp_zone_query_icmp_block_inversion.set_defaults(item="icmp-block-inversion")
# zone.list
grp_zone_list = zone_subparsers.add_parser("list", help="List commands")
grp_zone_list.set_defaults(action="list")
zone_list_subparsers = grp_zone_list.add_subparsers()
# zone.list.interfaces
grp_zone_list_interfaces = zone_list_subparsers.add_parser(
"interfaces", help="List interfaces")
grp_zone_list_interfaces.set_defaults(item="interfaces")
# zone.list.sources
grp_zone_list_sources = zone_list_subparsers.add_parser("sources",
help="List sources")
grp_zone_list_sources.set_defaults(item="sources")
# zone.list.services
grp_zone_list_services = zone_list_subparsers.add_parser("services",
help="List services")
grp_zone_list_services.set_defaults(item="services")
# zone.list.ports
grp_zone_list_ports = zone_list_subparsers.add_parser("ports",
help="List ports")
grp_zone_list_ports.set_defaults(item="ports")
# zone.list.protocols
grp_zone_list_protocols = zone_list_subparsers.add_parser("protocols",
help="List protocols")
grp_zone_list_protocols.set_defaults(item="protocols")
# zone.list.source-ports
grp_zone_list_source_ports = zone_list_subparsers.add_parser(
"source-ports", help="List source-ports")
grp_zone_list_source_ports.set_defaults(item="source-ports")
# zone.list.rich-rules
grp_zone_list_rich_rules = zone_list_subparsers.add_parser(
"rich-rules", help="List rich-rules")
grp_zone_list_rich_rules.set_defaults(item="rich-rules")
# zone.list.forward-ports
grp_zone_list_forward_ports = zone_list_subparsers.add_parser(
"forward-ports", help="List forward ports")
grp_zone_list_forward_ports.set_defaults(item="forward-ports")
# zone.list.icmp-blocks
grp_zone_list_icmp_blocks = zone_list_subparsers.add_parser(
"icmp-blocks", help="List icmp blocks")
grp_zone_list_icmp_blocks.set_defaults(item="icmp-blocks")
#############################################################################
# service
grp_service = subparsers.add_parser("service", help="Service commands")
grp_service.set_defaults(parser="service")
grp_service.add_argument("service", type=str, action="store",
metavar="<service>")
grp_service.add_argument("-p", "--permanent", action="store_true")
service_subparsers = grp_service.add_subparsers(help="Service Commands")
# service.load_defaults
grp_service_load_defaults = service_subparsers.add_parser("load-defaults",
help="Load defaults")
grp_service_load_defaults.set_defaults(action="load-defaults")
# service.add
grp_service_add = service_subparsers.add_parser("add", help="Add commands")
grp_service_add.set_defaults(action="add")
service_add_subparsers = grp_service_add.add_subparsers()
# service.add.port
grp_service_add_port = service_add_subparsers.add_parser("port",
help="Add port")
grp_service_add_port.set_defaults(item="port")
grp_service_add_port.add_argument("port", metavar="<port>", nargs="+")
# service.add.protocol
grp_service_add_protocol = service_add_subparsers.add_parser(
"protocol", help="Add protocol")
grp_service_add_protocol.set_defaults(item="protocol")
grp_service_add_protocol.add_argument("protocol", metavar="<protocol>",
nargs="+")
# service.add.source-port
grp_service_add_source_port = service_add_subparsers.add_parser(
"source-port", help="Add source port")
grp_service_add_source_port.set_defaults(item="source-port")
grp_service_add_source_port.add_argument("port", metavar="<source-port>",
nargs="+")
# service.add.module
grp_service_add_module = service_add_subparsers.add_parser("module",
help="Add module")
grp_service_add_module.set_defaults(item="module")
grp_service_add_module.add_argument("module", metavar="<module>", nargs="+")
# service.add.destination
grp_service_add_destination = service_add_subparsers.add_parser(
"destination", help="Add destination")
grp_service_add_destination.set_defaults(item="destination")
grp_service_add_destination.add_argument("destination",
metavar="<destination>", nargs="+")
# service.get
grp_service_get = service_subparsers.add_parser("get", help="Get commands")
grp_service_get.set_defaults(action="get")
service_get_subparsers = grp_service_get.add_subparsers()
# service.get.description
grp_service_get_description = service_get_subparsers.add_parser(
"description", help="Get description")
grp_service_get_description.set_defaults(item="description")
# service.get.short
grp_service_get_short = service_get_subparsers.add_parser(
"short", help="Get short")
grp_service_get_short.set_defaults(item="short")
# service.set
grp_service_set = service_subparsers.add_parser("set", help="Set commands")
grp_service_set.set_defaults(action="set")
service_set_subparsers = grp_service_set.add_subparsers()
# service.set.description
grp_service_set_description = service_set_subparsers.add_parser(
"description", help="Set description")
grp_service_set_description.set_defaults(item="description")
grp_service_set_description.add_argument("description", metavar="<description>")
# service.set.short
grp_service_set_short = service_set_subparsers.add_parser(
"short", help="Set short")
grp_service_set_short.set_defaults(item="short")
grp_service_set_short.add_argument("short", metavar="<short>")
# service.remove
grp_service_remove = service_subparsers.add_parser("remove",
help="Remove commands")
grp_service_remove.set_defaults(action="remove")
service_remove_subparsers = grp_service_remove.add_subparsers()
# service.remove.port
grp_service_remove_port = service_remove_subparsers.add_parser(
"port", help="Remove port")
grp_service_remove_port.set_defaults(item="port")
grp_service_remove_port.add_argument("port", metavar="<port>", nargs="+")
# service.remove.protocol
grp_service_remove_protocol = service_remove_subparsers.add_parser(
"protocol", help="Remove protocol")
grp_service_remove_protocol.set_defaults(item="protocol")
grp_service_remove_protocol.add_argument("protocol", metavar="<protocol>",
nargs="+")
# service.remove.source-port
grp_service_remove_source_port = service_remove_subparsers.add_parser(
"source-port", help="Remove source port")
grp_service_remove_source_port.set_defaults(item="source-port")
grp_service_remove_source_port.add_argument("port", metavar="<source-port>",
nargs="+")
# service.remove.module
grp_service_remove_module = service_remove_subparsers.add_parser(
"module", help="Remove module")
grp_service_remove_module.set_defaults(item="module")
grp_service_remove_module.add_argument("module", metavar="<module>", nargs="+")
# service.remove.destination
grp_service_remove_destination = service_remove_subparsers.add_parser(
"destination", help="Remove destination")
grp_service_remove_destination.set_defaults(item="destination")
grp_service_remove_destination.add_argument("destination",
metavar="<destination>", nargs="+")
# service.query
grp_service_query = service_subparsers.add_parser("query",
help="Query commands")
grp_service_query.set_defaults(action="query")
service_query_subparsers = grp_service_query.add_subparsers()
# service.query.port
grp_service_query_port = service_query_subparsers.add_parser("port",
help="Query port")
grp_service_query_port.set_defaults(item="port")
grp_service_query_port.add_argument("port", metavar="<port>", nargs="+")
# service.query.protocol
grp_service_query_protocol = service_query_subparsers.add_parser(
"protocol", help="Query protocol")
grp_service_query_protocol.set_defaults(item="protocol")
grp_service_query_protocol.add_argument("protocol", metavar="<protocol>",
nargs="+")
# service.query.source-port
grp_service_query_source_port = service_query_subparsers.add_parser(
"source-port", help="Query source port")
grp_service_query_source_port.set_defaults(item="source-port")
grp_service_query_source_port.add_argument("port", metavar="<source-port>",
nargs="+")
# service.query.module
grp_service_query_module = service_query_subparsers.add_parser(
"module", help="Query module")
grp_service_query_module.set_defaults(item="module")
grp_service_query_module.add_argument("module", metavar="<module>", nargs="+")
# service.query.destination
grp_service_query_destination = service_query_subparsers.add_parser(
"destination", help="Query destination")
grp_service_query_destination.set_defaults(item="destination")
grp_service_query_destination.add_argument("destination",
metavar="<destination>", nargs="+")
# service.list
grp_service_list = service_subparsers.add_parser("list", help="List commands")
grp_service_list.set_defaults(action="list")
service_list_subparsers = grp_service_list.add_subparsers()
# service.list.services
grp_service_list_services = service_list_subparsers.add_parser(
"services", help="List services")
grp_service_list_services.set_defaults(item="services")
# service.list.ports
grp_service_list_ports = service_list_subparsers.add_parser("ports",
help="List ports")
grp_service_list_ports.set_defaults(item="ports")
# service.list.protocols
grp_service_list_protocols = service_list_subparsers.add_parser(
"protocols", help="List protocols")
grp_service_list_protocols.set_defaults(item="protocols")
# service.list.source-ports
grp_service_list_source_ports = service_list_subparsers.add_parser(
"source-ports", help="List source-ports")
grp_service_list_source_ports.set_defaults(item="source-ports")
# service.list.modules
grp_service_list_modules = service_list_subparsers.add_parser(
"modules", help="List modules")
grp_service_list_modules.set_defaults(item="modules")
# service.list.destinations
grp_service_list_destinations = service_list_subparsers.add_parser(
"destinations", help="List destinations")
grp_service_list_destinations.set_defaults(item="destinations")
#############################################################################
# ipset
grp_ipset = subparsers.add_parser("ipset", help="Ipset commands")
grp_ipset.set_defaults(parser="ipset")
grp_ipset.add_argument("ipset", type=str, action="store", metavar="<ipset>")
grp_ipset.add_argument("-p", "--permanent", action="store_true")
ipset_subparsers = grp_ipset.add_subparsers(help="Ipset Commands")
# ipset.load_defaults
grp_ipset_load_defaults = ipset_subparsers.add_parser("load-defaults",
help="Load defaults")
grp_ipset_load_defaults.set_defaults(action="load-defaults")
# ipset.add
grp_ipset_add = ipset_subparsers.add_parser("add", help="Add commands")
grp_ipset_add.set_defaults(action="add")
ipset_add_subparsers = grp_ipset_add.add_subparsers()
# ipset.add.entry
grp_ipset_add_entry = ipset_add_subparsers.add_parser("entry", help="Add entry")
grp_ipset_add_entry.set_defaults(item="entry")
grp_ipset_add_entry.add_argument("entry", metavar="<entry>", nargs="+")
# ipset.add.entries-from-file
grp_ipset_add_entries_from_file = ipset_add_subparsers.add_parser(
"entries-from-file", help="Add entries from file")
grp_ipset_add_entries_from_file.set_defaults(item="entries-from-file")
grp_ipset_add_entries_from_file.add_argument("entries_from_file",
metavar="<filename>", nargs="+")
# ipset.get
grp_ipset_get = ipset_subparsers.add_parser("get", help="Get commands")
grp_ipset_get.set_defaults(action="get")
ipset_get_subparsers = grp_ipset_get.add_subparsers()
# ipset.get.description
grp_ipset_get_description = ipset_get_subparsers.add_parser(
"description", help="Get description")
grp_ipset_get_description.set_defaults(item="description")
# ipset.get.short
grp_ipset_get_short = ipset_get_subparsers.add_parser("short", help="Get short")
grp_ipset_get_short.set_defaults(item="short")
# ipset.set
grp_ipset_set = ipset_subparsers.add_parser("set", help="Set commands")
grp_ipset_set.set_defaults(action="set")
ipset_set_subparsers = grp_ipset_set.add_subparsers()
# ipset.set.description
grp_ipset_set_description = ipset_set_subparsers.add_parser(
"description", help="Set description")
grp_ipset_set_description.set_defaults(item="description")
grp_ipset_set_description.add_argument("description", metavar="<description>")
# ipset.set.short
grp_ipset_set_short = ipset_set_subparsers.add_parser("short", help="Set short")
grp_ipset_set_short.set_defaults(item="short")
grp_ipset_set_short.add_argument("short", metavar="<short>")
# ipset.remove
grp_ipset_remove = ipset_subparsers.add_parser("remove", help="Remove commands")
grp_ipset_remove.set_defaults(action="remove")
ipset_remove_subparsers = grp_ipset_remove.add_subparsers()
# ipset.remove.entry
grp_ipset_remove_entry = ipset_remove_subparsers.add_parser("entry",
help="Remove entry")
grp_ipset_remove_entry.set_defaults(item="entry")
grp_ipset_remove_entry.add_argument("entry", metavar="<entry>", nargs="+")
# ipset.remove.entries-from-file
grp_ipset_remove_entries_from_file = ipset_remove_subparsers.add_parser(
"entries-from-file", help="Remove entries from file")
grp_ipset_remove_entries_from_file.set_defaults(item="entries-from-file")
grp_ipset_remove_entries_from_file.add_argument("entries_from_file",
metavar="<filename>", nargs="+")
# ipset.remove.all
grp_ipset_remove_all = ipset_remove_subparsers.add_parser(
"all", help="Remove all entries")
grp_ipset_remove_all.set_defaults(item="all")
# ipset.query
grp_ipset_query = ipset_subparsers.add_parser("query", help="Query commands")
grp_ipset_query.set_defaults(action="query")
ipset_query_subparsers = grp_ipset_query.add_subparsers()
# ipset.query.entry
grp_ipset_query_entry = ipset_query_subparsers.add_parser("entry",
help="Query entry")
grp_ipset_query_entry.set_defaults(item="entry")
grp_ipset_query_entry.add_argument("entry", metavar="<entry>", nargs="+")
# ipset.query.entries-from-file
grp_ipset_query_entries_from_file = ipset_query_subparsers.add_parser(
"entries-from-file", help="Query entries from file")
grp_ipset_query_entries_from_file.set_defaults(item="entries-from-file")
grp_ipset_query_entries_from_file.add_argument("entries_from_file",
metavar="<filename>", nargs="+")
# ipset.list
grp_ipset_list = ipset_subparsers.add_parser("list", help="List commands")
grp_ipset_list.set_defaults(action="list")
ipset_list_subparsers = grp_ipset_list.add_subparsers()
# ipset.list.entries
grp_ipset_list_entries = ipset_list_subparsers.add_parser("entries",
help="List entries")
grp_ipset_list_entries.set_defaults(item="entries")
#############################################################################
# icmptype
grp_icmptype = subparsers.add_parser("icmptype", help="Icmptype commands")
grp_icmptype.set_defaults(parser="icmptype")
grp_icmptype.add_argument("icmptype", type=str, action="store",
metavar="<icmptype>")
grp_icmptype.add_argument("-p", "--permanent", action="store_true")
icmptype_subparsers = grp_icmptype.add_subparsers(help="Icmptype Commands")
# icmptype.load_defaults
grp_icmptype_load_defaults = icmptype_subparsers.add_parser(
"load-defaults", help="Load defaults")
grp_icmptype_load_defaults.set_defaults(action="load-defaults")
# icmptype.add
grp_icmptype_add = icmptype_subparsers.add_parser("add", help="Add commands")
grp_icmptype_add.set_defaults(action="add")
icmptype_add_subparsers = grp_icmptype_add.add_subparsers()
# icmptype.add.destination
grp_icmptype_add_destination = icmptype_add_subparsers.add_parser(
"destination", help="Add destination")
grp_icmptype_add_destination.set_defaults(item="destination")
grp_icmptype_add_destination.add_argument("destination",
metavar="<destination>", nargs="+")
# icmptype.remove
grp_icmptype_remove = icmptype_subparsers.add_parser("remove",
help="Remove commands")
grp_icmptype_remove.set_defaults(action="remove")
icmptype_remove_subparsers = grp_icmptype_remove.add_subparsers()
# icmptype.remove.destination
grp_icmptype_remove_destination = icmptype_remove_subparsers.add_parser(
"destination", help="Remove destination")
grp_icmptype_remove_destination.set_defaults(item="destination")
grp_icmptype_remove_destination.add_argument("destination",
metavar="<destination>", nargs="+")
# icmptype.get
grp_icmptype_get = icmptype_subparsers.add_parser("get", help="Get commands")
grp_icmptype_get.set_defaults(action="get")
icmptype_get_subparsers = grp_icmptype_get.add_subparsers()
# icmptype.get.description
grp_icmptype_get_description = icmptype_get_subparsers.add_parser(
"description", help="Get description")
grp_icmptype_get_description.set_defaults(item="description")
# icmptype.get.short
grp_icmptype_get_short = icmptype_get_subparsers.add_parser(
"short", help="Get short")
grp_icmptype_get_short.set_defaults(item="short")
# icmptype.set
grp_icmptype_set = icmptype_subparsers.add_parser("set", help="Set commands")
grp_icmptype_set.set_defaults(action="set")
icmptype_set_subparsers = grp_icmptype_set.add_subparsers()
# icmptype.set.description
grp_icmptype_set_description = icmptype_set_subparsers.add_parser(
"description", help="Set description")
grp_icmptype_set_description.set_defaults(item="description")
grp_icmptype_set_description.add_argument("description", metavar="<description>")
# icmptype.set.short
grp_icmptype_set_short = icmptype_set_subparsers.add_parser(
"short", help="Set short")
grp_icmptype_set_short.set_defaults(item="short")
grp_icmptype_set_short.add_argument("short", metavar="<short>")
# icmptype.query
grp_icmptype_query = icmptype_subparsers.add_parser("query",
help="Query commands")
grp_icmptype_query.set_defaults(action="query")
icmptype_query_subparsers = grp_icmptype_query.add_subparsers()
# icmptype.query.destination
grp_icmptype_query_destination = icmptype_query_subparsers.add_parser(
"destination", help="Query destination")
grp_icmptype_query_destination.set_defaults(item="destination")
grp_icmptype_query_destination.add_argument("destination",
metavar="<destination>", nargs="+")
# icmptype.list
grp_icmptype_list = icmptype_subparsers.add_parser("list", help="List commands")
grp_icmptype_list.set_defaults(action="list")
icmptype_list_subparsers = grp_icmptype_list.add_subparsers()
# icmptype.list.destinations
grp_icmptype_list_destinations = icmptype_list_subparsers.add_parser(
"destinations", help="List destinations")
grp_icmptype_list_destinations.set_defaults(item="destinations")
#############################################################################
# new
grp_new = subparsers.add_parser("new", help="New commands")
grp_new.set_defaults(parser="new")
grp_new.add_argument("-p", "--permanent", action="store_true")
new_subparsers = grp_new.add_subparsers(help="New Commands")
# new.zone
grp_new_zone = new_subparsers.add_parser("zone", help="New zone")
grp_new_zone.set_defaults(action="zone")
grp_new_zone.add_argument("-n", "--name", metavar="<name>")
grp_new_zone.add_argument("-f", "--filename", metavar="<filename>")
# new.service
grp_new_service = new_subparsers.add_parser("service", help="New service")
grp_new_service.set_defaults(action="service")
grp_new_service.add_argument("-n", "--name", metavar="<name>")
grp_new_service.add_argument("-f", "--filename", metavar="<filename>")
# new.ipset
grp_new_ipset = new_subparsers.add_parser("ipset", help="New ipset")
grp_new_ipset.set_defaults(action="ipset")
grp_new_ipset.add_argument("-n", "--name", metavar="<name>")
grp_new_ipset.add_argument("-f", "--filename", metavar="<filename>")
grp_new_ipset.add_argument("-t", "--type", metavar="<ipsettype>")
grp_new_ipset.add_argument("-o", "--option", metavar="<key>[=<value>]",
nargs="*")
#--type=<ipset type> [--option=<key>[=<value>]]..
# new.icmptype
grp_new_icmptype = new_subparsers.add_parser("icmptype", help="New icmptype")
grp_new_icmptype.set_defaults(action="icmptype")
grp_new_icmptype.add_argument("-n", "--name", metavar="<name>")
grp_new_icmptype.add_argument("-f", "--filename", metavar="<filename>")
#############################################################################
# helper
grp_helper = subparsers.add_parser("helper", help="Helper commands")
grp_helper.set_defaults(parser="helper")
grp_helper.add_argument("helper", type=str, action="store",
metavar="<helper>")
grp_helper.add_argument("-p", "--permanent", action="store_true")
helper_subparsers = grp_helper.add_subparsers(help="Helper Commands")
# helper.load_defaults
grp_helper_load_defaults = helper_subparsers.add_parser(
"load-defaults", help="Load defaults")
grp_helper_load_defaults.set_defaults(action="load-defaults")
# helper.add
grp_helper_add = helper_subparsers.add_parser("add", help="Add commands")
grp_helper_add.set_defaults(action="add")
helper_add_subparsers = grp_helper_add.add_subparsers()
# helper.add.port
grp_helper_add_port = helper_add_subparsers.add_parser("port",
help="Add port")
grp_helper_add_port.set_defaults(item="port")
grp_helper_add_port.add_argument("port", metavar="<port>", nargs="+")
# helper.remove
grp_helper_remove = helper_subparsers.add_parser("remove",
help="Remove commands")
grp_helper_remove.set_defaults(action="remove")
helper_remove_subparsers = grp_helper_remove.add_subparsers()
# helper.remove.port
grp_helper_remove_port = helper_remove_subparsers.add_parser(
"port", help="Remove port")
grp_helper_remove_port.set_defaults(item="port")
grp_helper_remove_port.add_argument("port", metavar="<port>", nargs="+")
# helper.get
grp_helper_get = helper_subparsers.add_parser("get", help="Get commands")
grp_helper_get.set_defaults(action="get")
helper_get_subparsers = grp_helper_get.add_subparsers()
# helper.get.description
grp_helper_get_description = helper_get_subparsers.add_parser(
"description", help="Get description")
grp_helper_get_description.set_defaults(item="description")
# helper.get.family
grp_helper_get_family = helper_get_subparsers.add_parser(
"family", help="Get family")
grp_helper_get_family.set_defaults(item="family")
# helper.get.module
grp_helper_get_module = helper_get_subparsers.add_parser(
"module", help="Get module")
grp_helper_get_module.set_defaults(item="module")
# helper.get.short
grp_helper_get_short = helper_get_subparsers.add_parser(
"short", help="Get short")
grp_helper_get_short.set_defaults(item="short")
# helper.set
grp_helper_set = helper_subparsers.add_parser("set", help="Set commands")
grp_helper_set.set_defaults(action="set")
helper_set_subparsers = grp_helper_set.add_subparsers()
# helper.set.description
grp_helper_set_description = helper_set_subparsers.add_parser(
"description", help="Set description")
grp_helper_set_description.set_defaults(item="description")
grp_helper_set_description.add_argument("description", metavar="<description>")
# helper.set.family
grp_helper_set_family = helper_set_subparsers.add_parser(
"family", help="Set family")
grp_helper_set_family.set_defaults(item="family")
grp_helper_set_family.add_argument("family", metavar="<family>")
# helper.set.module
grp_helper_set_module = helper_set_subparsers.add_parser(
"module", help="Set module")
grp_helper_set_module.set_defaults(item="module")
grp_helper_set_module.add_argument("module", metavar="<module>")
# helper.set.short
grp_helper_set_short = helper_set_subparsers.add_parser(
"short", help="Set short")
grp_helper_set_short.set_defaults(item="short")
grp_helper_set_short.add_argument("short", metavar="<short>")
# helper.query
grp_helper_query = helper_subparsers.add_parser("query",
help="Query commands")
grp_helper_query.set_defaults(action="query")
helper_query_subparsers = grp_helper_query.add_subparsers()
# helper.query.port
grp_helper_query_port = helper_query_subparsers.add_parser("port",
help="Query port")
grp_helper_query_port.set_defaults(item="port")
grp_helper_query_port.add_argument("port", metavar="<port>", nargs="+")
# helper.list
grp_helper_list = helper_subparsers.add_parser("list", help="List commands")
grp_helper_list.set_defaults(action="list")
helper_list_subparsers = grp_helper_list.add_subparsers()
# helper.list.ports
grp_helper_list_ports = helper_list_subparsers.add_parser("ports",
help="List ports")
grp_helper_list_ports.set_defaults(item="ports")
#############################################################################
# new
grp_new = subparsers.add_parser("new", help="New commands")
grp_new.set_defaults(parser="new")
grp_new.add_argument("-p", "--permanent", action="store_true")
new_subparsers = grp_new.add_subparsers(help="New Commands")
# new.zone
grp_new_zone = new_subparsers.add_parser("zone", help="New zone")
grp_new_zone.set_defaults(action="zone")
grp_new_zone.add_argument("-n", "--name", metavar="<name>")
grp_new_zone.add_argument("-f", "--filename", metavar="<filename>")
# new.service
grp_new_service = new_subparsers.add_parser("service", help="New service")
grp_new_service.set_defaults(action="service")
grp_new_service.add_argument("-n", "--name", metavar="<name>")
grp_new_service.add_argument("-f", "--filename", metavar="<filename>")
# new.ipset
grp_new_ipset = new_subparsers.add_parser("ipset", help="New ipset")
grp_new_ipset.set_defaults(action="ipset")
grp_new_ipset.add_argument("-n", "--name", metavar="<name>")
grp_new_ipset.add_argument("-f", "--filename", metavar="<filename>")
grp_new_ipset.add_argument("-t", "--type", metavar="<ipsettype>")
grp_new_ipset.add_argument("-o", "--option", metavar="<key>[=<value>]",
nargs="*")
#--type=<ipset type> [--option=<key>[=<value>]]..
# new.helper
grp_new_helper = new_subparsers.add_parser("helper", help="New helper")
grp_new_helper.set_defaults(action="helper")
grp_new_helper.add_argument("-n", "--name", metavar="<name>")
grp_new_helper.add_argument("-f", "--filename", metavar="<filename>")
# new.icmptype
grp_new_icmptype = new_subparsers.add_parser("icmptype", help="New icmptype")
grp_new_icmptype.set_defaults(action="icmptype")
grp_new_icmptype.add_argument("-n", "--name", metavar="<name>")
grp_new_icmptype.add_argument("-f", "--filename", metavar="<filename>")
#############################################################################
# delete
grp_delete = subparsers.add_parser("delete", help="Delete commands")
grp_delete.set_defaults(parser="delete")
grp_delete.add_argument("-p", "--permanent", action="store_true")
delete_subparsers = grp_delete.add_subparsers(help="Delete Commands")
# delete.zone
grp_delete_zone = delete_subparsers.add_parser("zone", help="Delete zone")
grp_delete_zone.set_defaults(action="zone")
grp_delete_zone.add_argument("zone", metavar="<zone>")
# delete.service
grp_delete_service = delete_subparsers.add_parser("service",
help="Delete service")
grp_delete_service.set_defaults(action="service")
grp_delete_service.add_argument("service", metavar="<service>")
# delete.ipset
grp_delete_ipset = delete_subparsers.add_parser("ipset", help="Delete ipset")
grp_delete_ipset.set_defaults(action="ipset")
grp_delete_ipset.add_argument("ipset", metavar="<ipset>")
# delete.helper
grp_delete_helper = delete_subparsers.add_parser("helper",
help="Delete helper")
grp_delete_helper.set_defaults(action="helper")
grp_delete_helper.add_argument("helper", metavar="<helper>")
# delete.icmptype
grp_delete_icmptype = delete_subparsers.add_parser("icmptype",
help="Delete icmptype")
grp_delete_icmptype.set_defaults(action="icmptype")
grp_delete_icmptype.add_argument("icmptype", metavar="<icmptype>")
#############################################################################
# direct
grp_direct = subparsers.add_parser("direct", help="Direct commands")
grp_direct.set_defaults(parser="direct")
grp_direct.add_argument("-p", "--permanent", action="store_true")
direct_subparsers = grp_direct.add_subparsers(help="Direct Commands")
# direct.add
grp_direct_add = direct_subparsers.add_parser("add", help="Add commands")
grp_direct_add.set_defaults(action="add")
direct_add_subparsers = grp_direct_add.add_subparsers()
# direct.add.chain
grp_direct_add_chain = direct_add_subparsers.add_parser("chain",
help="Add chain")
grp_direct_add_chain.set_defaults(item="chain")
grp_direct_add_chain.add_argument(
"chain", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "<table>", "<chain>"))
# direct.add.rule
grp_direct_add_rule = direct_add_subparsers.add_parser("rule",
help="Add rule")
grp_direct_add_rule.set_defaults(item="rule")
grp_direct_add_rule.add_argument(
"rule", nargs=argparse.REMAINDER,
metavar=("{ ipv4 | ipv6 | eb }", "<table> <chain> <priority> <args>"))
# direct.add.passthrough
grp_direct_add_passthrough = direct_add_subparsers.add_parser(
"passthrough", help="Add passthrough")
grp_direct_add_passthrough.set_defaults(item="passthrough")
grp_direct_add_passthrough.add_argument(
"passthrough", nargs=argparse.REMAINDER,
metavar=("{ ipv4 | ipv6 | eb }", "<args>"))
# direct.passthrough
grp_direct_passthrough = direct_subparsers.add_parser(
"passthrough", help="Untracked passthrough")
grp_direct_passthrough.set_defaults(action="passthrough")
grp_direct_passthrough.add_argument("passthrough", nargs=argparse.REMAINDER,
metavar=("{ ipv4 | ipv6 | eb }", "<args>"))
# direct.query
grp_direct_query = direct_subparsers.add_parser("query", help="Query commands")
grp_direct_query.set_defaults(action="query")
direct_query_subparsers = grp_direct_query.add_subparsers()
# direct.query.chain
grp_direct_query_chain = direct_query_subparsers.add_parser(
"chain", help="Query chain")
grp_direct_query_chain.set_defaults(item="chain")
grp_direct_query_chain.add_argument(
"chain", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "<table>", "<chain>"))
# direct.query.rule
grp_direct_query_rule = direct_query_subparsers.add_parser(
"rule", help="Query rule")
grp_direct_query_rule.set_defaults(item="rule")
grp_direct_query_rule.add_argument(
"rule", nargs=argparse.REMAINDER,
metavar=("{ ipv4 | ipv6 | eb }", "<table> <chain> <priority> <args>"))
# direct.query.passthrough
grp_direct_query_passthrough = direct_query_subparsers.add_parser(
"passthrough", help="Query passthrough")
grp_direct_query_passthrough.set_defaults(item="passthrough")
grp_direct_query_passthrough.add_argument("passthrough",
metavar="<passthrough>",
nargs=argparse.REMAINDER)
# direct.remove
grp_direct_remove = direct_subparsers.add_parser("remove",
help="Remove commands")
grp_direct_remove.set_defaults(action="remove")
direct_remove_subparsers = grp_direct_remove.add_subparsers()
# direct.remove.chain
grp_direct_remove_chain = direct_remove_subparsers.add_parser(
"chain", help="Remove chain")
grp_direct_remove_chain.set_defaults(item="chain")
grp_direct_remove_chain.add_argument(
"chain", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "<table>", "<chain>"))
# direct.remove.rule
grp_direct_remove_rule = direct_remove_subparsers.add_parser("rule",
help="Remove rule")
grp_direct_remove_rule.set_defaults(item="rule")
grp_direct_remove_rule.add_argument(
"rule", nargs=argparse.REMAINDER,
metavar=("{ ipv4 | ipv6 | eb }", "<table> <chain> <priority> <args>"))
# direct.remove.passthrough
grp_direct_remove_passthrough = direct_remove_subparsers.add_parser(
"passthrough", help="Remove passthrough")
grp_direct_remove_passthrough.set_defaults(item="passthrough")
grp_direct_remove_passthrough.add_argument("passthrough",
metavar="<passthrough>",
nargs=argparse.REMAINDER)
# direct.get
grp_direct_get = direct_subparsers.add_parser("get", help="Get commands")
grp_direct_get.set_defaults(action="get")
direct_get_subparsers = grp_direct_get.add_subparsers()
# direct.get.all-chains
grp_direct_get_all_chains = direct_get_subparsers.add_parser(
"all-chains", help="Get all chains")
grp_direct_get_all_chains.set_defaults(item="all-chains")
# direct.get.chains
grp_direct_get_chains = direct_get_subparsers.add_parser("chains",
help="Get chains")
grp_direct_get_chains.set_defaults(item="chains")
grp_direct_get_chains.add_argument("chains", nargs=2,
metavar=("{ ipv4 | ipv6 | eb }", "<table>"))
# direct.get.all-rules
grp_direct_get_all_rules = direct_get_subparsers.add_parser(
"all-rules", help="Get all rules")
grp_direct_get_all_rules.set_defaults(item="all-rules")
# direct.get.rules
grp_direct_get_rules = direct_get_subparsers.add_parser("rules",
help="Get rules")
grp_direct_get_rules.set_defaults(item="rules")
grp_direct_get_rules.add_argument("rules", nargs=3,
metavar=("{ ipv4 | ipv6 | eb }",
"<table>", "<chain>"))
# direct.get.all-passthroughs
grp_direct_get_all_passthroughs = direct_get_subparsers.add_parser(
"all-passthroughs", help="Get all passthroughs")
grp_direct_get_all_passthroughs.set_defaults(item="all-passthroughs")
# direct.get.passthroughs
grp_direct_get_passthroughs = direct_get_subparsers.add_parser(
"passthroughs", help="Get passthroughs")
grp_direct_get_passthroughs.set_defaults(item="passthroughs")
grp_direct_get_passthroughs.add_argument("passthroughs", nargs=1,
metavar=("{ ipv4 | ipv6 | eb }"))
#############################################################################
# lockdown
grp_lockdown_whitelist = subparsers.add_parser(
"lockdown-whitelist", help="Lockdown whitelist commands")
grp_lockdown_whitelist.set_defaults(parser="lockdown-whitelist")
grp_lockdown_whitelist.add_argument("-p", "--permanent", action="store_true")
lockdown_whitelist_subparsers = grp_lockdown_whitelist.add_subparsers(
help="Lockdown Commands")
# lockdown.whitelist.add
grp_lockdown_whitelist_add = lockdown_whitelist_subparsers.add_parser(
"add", help="Add commands")
grp_lockdown_whitelist_add.set_defaults(action="add")
whitelist_add_subparsers = grp_lockdown_whitelist_add.add_subparsers()
# lockdown.whitelist.add.command
grp_lockdown_whitelist_add_command = whitelist_add_subparsers.add_parser(
"command", help="Add command")
grp_lockdown_whitelist_add_command.set_defaults(item="command")
grp_lockdown_whitelist_add_command.add_argument("command", metavar="<command>",
nargs="+")
# lockdown.whitelist.add.context
grp_lockdown_whitelist_add_context = whitelist_add_subparsers.add_parser(
"context", help="Add context")
grp_lockdown_whitelist_add_context.set_defaults(item="context")
grp_lockdown_whitelist_add_context.add_argument("context", metavar="<context>",
nargs="+")
# lockdown.whitelist.add.uid
grp_lockdown_whitelist_add_uid = whitelist_add_subparsers.add_parser(
"uid", help="Add uid")
grp_lockdown_whitelist_add_uid.set_defaults(item="uid")
grp_lockdown_whitelist_add_uid.add_argument("uid", metavar="<uid>", type=int,
nargs="+")
# lockdown.whitelist.add.user
grp_lockdown_whitelist_add_user = whitelist_add_subparsers.add_parser(
"user", help="Add user")
grp_lockdown_whitelist_add_user.set_defaults(item="user")
grp_lockdown_whitelist_add_user.add_argument("user", metavar="<user>",
nargs="+")
# lockdown.whitelist.query
grp_lockdown_whitelist_query = lockdown_whitelist_subparsers.add_parser(
"query", help="Query commands")
grp_lockdown_whitelist_query.set_defaults(action="query")
whitelist_query_subparsers = grp_lockdown_whitelist_query.add_subparsers()
# lockdown.whitelist.query.command
grp_lockdown_whitelist_query_command = whitelist_query_subparsers.add_parser(
"command", help="Query command")
grp_lockdown_whitelist_query_command.set_defaults(item="command")
grp_lockdown_whitelist_query_command.add_argument("command",
metavar="<command>",
nargs="+")
# lockdown.whitelist.query.context
grp_lockdown_whitelist_query_context = whitelist_query_subparsers.add_parser(
"context", help="Query context")
grp_lockdown_whitelist_query_context.set_defaults(item="context")
grp_lockdown_whitelist_query_context.add_argument("context",
metavar="<context>",
nargs="+")
# lockdown.whitelist.query.uid
grp_lockdown_whitelist_query_uid = whitelist_query_subparsers.add_parser(
"uid", help="Query uid")
grp_lockdown_whitelist_query_uid.set_defaults(item="uid")
grp_lockdown_whitelist_query_uid.add_argument("uid", metavar="<uid>", type=int,
nargs="+")
# lockdown.whitelist.query.user
grp_lockdown_whitelist_query_user = whitelist_query_subparsers.add_parser(
"user", help="Query user")
grp_lockdown_whitelist_query_user.set_defaults(item="user")
grp_lockdown_whitelist_query_user.add_argument("user", metavar="<user>",
nargs="+")
# lockdown.whitelist.remove
grp_lockdown_whitelist_remove = lockdown_whitelist_subparsers.add_parser(
"remove", help="Remove commands")
grp_lockdown_whitelist_remove.set_defaults(action="remove")
whitelist_remove_subparsers = grp_lockdown_whitelist_remove.add_subparsers()
# lockdown.whitelist.remove.command
grp_lockdown_whitelist_remove_command = whitelist_remove_subparsers.add_parser(
"command", help="Remove command")
grp_lockdown_whitelist_remove_command.set_defaults(item="command")
grp_lockdown_whitelist_remove_command.add_argument("command",
metavar="<command>",
nargs="+")
# lockdown.whitelist.remove.context
grp_lockdown_whitelist_remove_context = whitelist_remove_subparsers.add_parser(
"context", help="Remove context")
grp_lockdown_whitelist_remove_context.set_defaults(item="context")
grp_lockdown_whitelist_remove_context.add_argument("context",
metavar="<context>",
nargs="+")
# lockdown.whitelist.remove.uid
grp_lockdown_whitelist_remove_uid = whitelist_remove_subparsers.add_parser(
"uid", help="Remove uid")
grp_lockdown_whitelist_remove_uid.set_defaults(item="uid")
grp_lockdown_whitelist_remove_uid.add_argument("uid", metavar="<uid>", type=int,
nargs="+")
# lockdown.whitelist.remove.user
grp_lockdown_whitelist_remove_user = whitelist_remove_subparsers.add_parser(
"user", help="Remove user")
grp_lockdown_whitelist_remove_user.set_defaults(item="user")
grp_lockdown_whitelist_remove_user.add_argument("user", metavar="<user>",
nargs="+")
# lockdown.whitelist.list
grp_lockdown_whitelist_list = lockdown_whitelist_subparsers.add_parser(
"list", help="List commands")
grp_lockdown_whitelist_list.set_defaults(action="list")
whitelist_list_subparsers = grp_lockdown_whitelist_list.add_subparsers()
# lockdown.whitelist.list.commands
grp_lockdown_whitelist_list_commands = whitelist_list_subparsers.add_parser(
"commands", help="List commands")
grp_lockdown_whitelist_list_commands.set_defaults(item="commands")
# lockdown.whitelist.list.contexts
grp_lockdown_whitelist_list_contexts = whitelist_list_subparsers.add_parser(
"contexts", help="List contexts")
grp_lockdown_whitelist_list_contexts.set_defaults(item="contexts")
# lockdown.whitelist.list.uids
grp_lockdown_whitelist_list_uids = whitelist_list_subparsers.add_parser(
"uids", help="List uids")
grp_lockdown_whitelist_list_uids.set_defaults(item="uids")
# lockdown.whitelist.list.users
grp_lockdown_whitelist_list_users = whitelist_list_subparsers.add_parser(
"users", help="List users")
grp_lockdown_whitelist_list_users.set_defaults(item="users")
#############################################################################
# config
grp_config = subparsers.add_parser("config", help="firewalld configuration")
grp_config.set_defaults(parser="config")
config_subparsers = grp_config.add_subparsers(help="Config Commands")
# config.get
grp_config_get = config_subparsers.add_parser("get", help="Get commands")
grp_config_get.set_defaults(action="get")
config_get_subparsers = grp_config_get.add_subparsers()
# config.get.default-zone
grp_config_get_default_zone = config_get_subparsers.add_parser(
"default-zone", help="Get default zone")
grp_config_get_default_zone.set_defaults(item="default-zone")
# config.get.lockdown
grp_config_get_lockdown = config_get_subparsers.add_parser("lockdown",
help="Get lockdown")
grp_config_get_lockdown.set_defaults(item="lockdown")
# config.get.log-denied
grp_config_get_log_denied = config_get_subparsers.add_parser(
"log-denied", help="Get log denied")
grp_config_get_log_denied.set_defaults(item="log-denied")
# config.get.panic
grp_config_get_panic = config_get_subparsers.add_parser("panic",
help="Get panic")
grp_config_get_panic.set_defaults(item="panic")
# config.list
grp_config_list = config_subparsers.add_parser("list", help="List commands")
grp_config_list.set_defaults(action="list")
# config.set
grp_config_set = config_subparsers.add_parser("set", help="Set commands")
grp_config_set.set_defaults(action="set")
config_set_subparsers = grp_config_set.add_subparsers()
# config.set.default-zone
grp_config_set_default_zone = config_set_subparsers.add_parser(
"default-zone", help="Set default zone")
grp_config_set_default_zone.set_defaults(item="default-zone")
grp_config_set_default_zone.add_argument("default_zone", metavar="<zone>")
# config.set.lockdown
grp_config_set_lockdown = config_set_subparsers.add_parser("lockdown",
help="Set lockdown")
grp_config_set_lockdown.set_defaults(item="lockdown")
grp_config_set_lockdown.add_argument("lockdown", metavar="<lockdown>")
# config.set.log-denied
grp_config_set_log_denied = config_set_subparsers.add_parser(
"log-denied", help="Set log denied")
grp_config_set_log_denied.set_defaults(item="log-denied")
grp_config_set_log_denied.add_argument("log_denied", metavar="<log-denied>")
# config.set.panic
grp_config_set_panic = config_set_subparsers.add_parser("panic",
help="Set panic")
grp_config_set_panic.set_defaults(item="panic")
grp_config_set_panic.add_argument("panic", metavar="<panic>")
#############################################################################
# settings
grp_settings = subparsers.add_parser("settings", help="firewalld settings")
grp_settings.set_defaults(parser="settings")
settings_subparsers = grp_settings.add_subparsers(help="Settings Commands")
# settings.get
grp_settings_get = settings_subparsers.add_parser("get", help="Get commands")
grp_settings_get.set_defaults(action="get")
settings_get_subparsers = grp_settings_get.add_subparsers()
# settings.get.BRIDGE
grp_settings_get_BRIDGE = settings_get_subparsers.add_parser(
"BRIDGE", help="Get BRIDGE")
grp_settings_get_BRIDGE.set_defaults(item="BRIDGE")
# settings.get.CleanupOnExit
grp_settings_get_CleanupOnExit = settings_get_subparsers.add_parser(
"CleanupOnExit", help="Get CleanupOnExit")
grp_settings_get_CleanupOnExit.set_defaults(item="CleanupOnExit")
# settings.get.IPSet
grp_settings_get_IPSet = settings_get_subparsers.add_parser(
"IPSet", help="Get IPSet")
grp_settings_get_IPSet.set_defaults(item="IPSet")
# settings.get.IPSetTypes
grp_settings_get_IPSetTypes = settings_get_subparsers.add_parser(
"IPSetTypes", help="Get IPSetTypes")
grp_settings_get_IPSetTypes.set_defaults(item="IPSetTypes")
# settings.get.IPv4
grp_settings_get_IPv4 = settings_get_subparsers.add_parser(
"IPv4", help="Get IPv4")
grp_settings_get_IPv4.set_defaults(item="IPv4")
# settings.get.IPv6
grp_settings_get_IPv6 = settings_get_subparsers.add_parser(
"IPv6", help="Get IPv6")
grp_settings_get_IPv6.set_defaults(item="IPv6")
# settings.get.IPv6_rpfilter
grp_settings_get_IPv6_rpfilter = settings_get_subparsers.add_parser(
"IPv6_rpfilter", help="Get IPv6_rpfilter")
grp_settings_get_IPv6_rpfilter.set_defaults(item="IPv6_rpfilter")
# settings.get.MinimalMark
grp_settings_get_MinimalMark = settings_get_subparsers.add_parser(
"MinimalMark", help="Get MinimalMark")
grp_settings_get_MinimalMark.set_defaults(item="MinimalMark")
# settings.list
grp_settings_list = settings_subparsers.add_parser("list", help="List commands")
grp_settings_list.set_defaults(action="list")
#############################################################################
args = sys.argv[1:]
if len(args) > 1 and args[0] == "direct":
i = -1
if (len(args) > 1 and args[1] == 'passthrough') or \
(len(args) > 2 and args[2] == 'passthrough') or \
(len(args) > 3 and args[3] == 'passthrough'):
i = args.index('passthrough') + 1
elif (len(args) > 2 and args[2] == 'rule') or \
(len(args) > 3 and args[3] == 'rule'):
i = args.index('rule') + 4
# join <args> into one argument to prevent parser from parsing each iptables
# option, because they ccould conflict with firewallctl options
if (i > -1) and (i < len(args) - 1):
aux_args = args[:]
args = aux_args[:i+1] # all but not <args>
args.append(joinArgs(aux_args[i+1:])) # add <args> as one arg
args = parser.parse_args(args)
if not hasattr(args, "parser"):
parser.print_help()
sys.exit(0)
# Set quiet and verbose
cmd = FirewallCommand(args.quiet, args.verbose)
def myexcepthook(exctype, value, traceback):
cmd.exception_handler(str(value))
sys.excepthook = myexcepthook
# use firewalld
try:
fw = FirewallClient()
except FirewallError as msg:
code = FirewallError.get_code(str(msg))
cmd.print_and_exit("Error: %s" % msg, code)
fw.setExceptionHandler(cmd.exception_handler)
if fw.connected == False:
if args.parser == "state":
cmd.print_and_exit("not running", errors.NOT_RUNNING)
else:
cmd.print_and_exit("FirewallD is not running", errors.NOT_RUNNING)
cmd.set_fw(fw)
# version
if args.parser == "version":
cmd.print_and_exit(fw.get_property("version"))
# state
elif args.parser == "state":
state = fw.get_property("state")
if state == "RUNNING":
cmd.print_and_exit("running")
else:
cmd.print_and_exit(state, errors.NOT_RUNNING)
# reload
elif args.parser == "reload":
if args.complete:
fw.complete_reload()
else:
fw.reload()
# runtime_to_permanent
elif args.parser == "runtime-to-permanent":
fw.runtimeToPermanent()
#############################################################################
# list
elif args.parser == "list":
if not hasattr(args, "list"):
grp_list.print_help()
sys.exit(0)
if args.list == "zones":
if args.active:
items = fw.getActiveZones()
elif args.permanent:
items = fw.config().getZoneNames()
else:
items = fw.getZones()
cmd.print_and_exit(" ".join(sorted(items)))
elif args.list == "services":
if args.permanent:
items = fw.config().getServiceNames()
else:
items = fw.listServices()
cmd.print_and_exit(" ".join(sorted(items)))
elif args.list == "ipsets":
if args.permanent:
items = fw.config().getIPSetNames()
else:
items = fw.getIPSets()
cmd.print_and_exit(" ".join(sorted(items)))
elif args.list == "helpers":
if args.permanent:
items = fw.config().getHelperNames()
else:
items = fw.getHelpers()
cmd.print_and_exit(" ".join(sorted(items)))
elif args.list == "icmptypes":
if args.permanent:
items = fw.config().getIcmpTypeNames()
else:
items = fw.listIcmpTypes()
cmd.print_and_exit(" ".join(sorted(items)))
else:
cmd.fail("Uncaught argument")
#############################################################################
# info
elif args.parser == "info":
if not hasattr(args, "info"):
grp_info.print_help()
sys.exit(0)
if args.info == "zone":
if args.zone != "":
zone = args.zone
else:
zone = fw.getDefaultZone()
if args.permanent:
settings = fw.config().getZoneByName(zone).getSettings()
else:
settings = fw.getZoneSettings(zone)
cmd.print_zone_info(zone, settings, True)
sys.exit(0)
elif args.info == "zones":
if args.active:
for zone in fw.getActiveZones():
cmd.print_zone_info(zone, fw.getZoneSettings(zone))
cmd.print_msg("")
elif args.permanent:
names = fw.config().getZoneNames()
for zone in sorted(names):
settings = fw.config().getZoneByName(zone)
cmd.print_zone_info(zone, settings.getSettings())
cmd.print_msg("")
else:
for zone in fw.getZones():
cmd.print_zone_info(zone, fw.getZoneSettings(zone))
cmd.print_msg("")
sys.exit(0)
elif args.info == "service":
if args.permanent:
settings = fw.config().getServiceByName(args.service).getSettings()
else:
settings = fw.getServiceSettings(args.service)
cmd.print_service_info(args.service, settings)
sys.exit(0)
elif args.info == "services":
if args.permanent:
names = fw.config().getServiceNames()
for service in sorted(names):
settings = fw.config().getServiceByName(service)
cmd.print_service_info(service, settings.getSettings())
cmd.print_msg("")
else:
for service in fw.listServices():
cmd.print_service_info(service, fw.getServiceSettings(service))
cmd.print_msg("")
sys.exit(0)
elif args.info == "ipset":
if args.permanent:
settings = fw.config().getIPSetByName(args.ipset).getSettings()
else:
settings = fw.getIPSetSettings(args.ipset)
cmd.print_ipset_info(args.ipset, settings)
sys.exit(0)
elif args.info == "ipsets":
if args.permanent:
names = fw.config().getIPSetNames()
for ipset in sorted(names):
settings = fw.config().getIPSetByName(ipset)
cmd.print_ipset_info(ipset, settings.getSettings())
cmd.print_msg("")
else:
for ipset in fw.getIPSets():
cmd.print_ipset_info(ipset, fw.getIPSetSettings(ipset))
cmd.print_msg("")
sys.exit(0)
elif args.info == "helper":
if args.permanent:
settings = fw.config().getHelperByName(
args.helper).getSettings()
else:
settings = fw.getHelperSettings(args.helper)
cmd.print_helper_info(args.helper, settings)
sys.exit(0)
elif args.info == "helpers":
if args.permanent:
names = fw.config().getHelperNames()
for helper in sorted(names):
settings = fw.config().getHelperByName(helper)
cmd.print_helper_info(helper, settings.getSettings())
cmd.print_msg("")
else:
for helper in fw.getHelpers():
cmd.print_helper_info(helper,
fw.getHelperSettings(helper))
cmd.print_msg("")
sys.exit(0)
elif args.info == "icmptype":
if args.permanent:
settings = fw.config().getIcmpTypeByName(
args.icmptype).getSettings()
else:
settings = fw.getIcmpTypeSettings(args.icmptype)
cmd.print_icmptype_info(args.icmptype, settings)
sys.exit(0)
elif args.info == "icmptypes":
if args.permanent:
names = fw.config().getIcmpTypeNames()
for icmptype in sorted(names):
settings = fw.config().getIcmpTypeByName(icmptype)
cmd.print_icmptype_info(icmptype, settings.getSettings())
cmd.print_msg("")
else:
for icmptype in fw.listIcmpTypes():
cmd.print_icmptype_info(icmptype,
fw.getIcmpTypeSettings(icmptype))
cmd.print_msg("")
sys.exit(0)
else:
cmd.fail("Uncaught argument")
#############################################################################
# zone
elif args.parser == "zone":
if not hasattr(args, "action"):
grp_zone.print_help()
sys.exit(0)
if args.action == "add":
if not hasattr(args, "item"):
grp_zone_add.print_help()
sys.exit(0)
if args.permanent:
if args.zone == "":
fw_zone = fw.config().getZoneByName(fw.getDefaultZone())
else:
fw_zone = fw.config().getZoneByName(args.zone)
if args.item == "interface":
#interfaces = [ ]
#for interface in args.interface:
# if not try_set_zone_of_interface(args.zone, interface):
# interfaces.append(interface)
if args.permanent:
interfaces = [ ]
for interface in args.interface:
if not try_set_zone_of_interface(args.zone, interface):
interfaces.append(interface)
cmd.add_sequence(interfaces, fw_zone.addInterface,
fw_zone.queryInterface, None, "'%s'")
else:
#cmd.x_add_sequence(args.zone, interfaces,
cmd.x_add_sequence(args.zone, args.interface,
fw.addInterface, fw.queryInterface,
None, "'%s'")
elif args.item == "source":
if args.permanent:
cmd.add_sequence(args.source, fw_zone.addSource,
fw_zone.querySource, cmd.parse_source, "'%s'")
else:
cmd.x_add_sequence(args.zone, args.source,
fw.addSource, fw.querySource,
cmd.parse_source, "'%s'")
elif args.item == "service":
if args.permanent:
cmd.add_sequence(args.service, fw_zone.addService,
fw_zone.queryService, None, "'%s'")
else:
cmd.zone_add_timeout_sequence(args.zone, args.service,
fw.addService, fw.queryService,
None, "'%s'", args.timeout)
elif args.item == "port":
if args.permanent:
cmd.add_sequence(args.port,
fw_zone.addPort, fw_zone.queryPort,
cmd.parse_port, "'%s/%s'")
else:
cmd.zone_add_timeout_sequence(args.zone, args.port,
fw.addPort, fw.queryPort,
cmd.parse_port, "'%s/%s'",
args.timeout)
elif args.item == "protocol":
if args.permanent:
cmd.add_sequence(args.protocol,
fw_zone.addProtocol, fw_zone.queryProtocol,
None, "'%s'")
else:
cmd.zone_add_timeout_sequence(args.zone, args.protocol,
fw.addProtocol, fw.queryProtocol,
None, "'%s'", args.timeout)
elif args.item == "source-port":
if args.permanent:
cmd.add_sequence(args.port,
fw_zone.addSourcePort,
fw_zone.querySourcePort,
cmd.parse_port, "'%s/%s'")
else:
cmd.zone_add_timeout_sequence(args.zone, args.port,
fw.addSourcePort,
fw.querySourcePort,
cmd.parse_port, "'%s/%s'",
args.timeout)
elif args.item == "rich-rule":
if args.permanent:
cmd.add_sequence(args.rich_rule, fw_zone.addRichRule,
fw_zone.queryRichRule, None, "'%s'")
else:
cmd.zone_add_timeout_sequence(args.zone, args.rich_rule,
fw.addRichRule,
fw.queryRichRule, None, "'%s'",
args.timeout)
elif args.item == "masquerade":
if args.permanent:
fw_zone.addMasquerade()
else:
fw.addMasquerade(args.zone, args.timeout)
elif args.item == "forward-port":
if args.permanent:
cmd.add_sequence(args.forward_port, fw_zone.addForwardPort,
fw_zone.queryForwardPort,
cmd.parse_forward_port,
"port=%s:proto=%s:toport=%s:toaddr=%s")
else:
cmd.zone_add_timeout_sequence(
args.zone, args.forward_port,
fw.addForwardPort, fw.queryForwardPort,
cmd.parse_forward_port,
"'port=%s:proto=%s:toport=%s:toaddr=%s'",
args.timeout)
elif args.item == "icmp-block":
if args.permanent:
cmd.add_sequence(args.icmp_block, fw_zone.addIcmpBlock,
fw_zone.queryIcmpBlock, None, "'%s'")
else:
cmd.zone_add_timeout_sequence(args.zone, args.icmp_block,
fw.addIcmpBlock,
fw.queryIcmpBlock,
None, "'%s'", args.timeout)
elif args.item == "icmp-block-inversion":
if args.permanent:
fw_zone.addIcmpBlockInversion()
else:
fw.addIcmpBlockInversion(args.zone)
else:
cmd.fail("Uncaught argument")
elif args.action == "remove":
if not hasattr(args, "item"):
grp_zone_remove.print_help()
sys.exit(0)
if args.permanent:
if args.zone == "":
fw_zone = fw.config().getZoneByName(fw.getDefaultZone())
else:
fw_zone = fw.config().getZoneByName(args.zone)
if args.item == "interface":
#interfaces = [ ]
#for interface in args.interface:
# if not try_set_zone_of_interface("", interface):
# interfaces.append(interface)
if args.permanent:
interfaces = [ ]
for interface in args.interface:
if not try_set_zone_of_interface("", interface):
interfaces.append(interface)
cmd.remove_sequence(interfaces, fw_zone.removeInterface,
fw_zone.queryInterface, None, "'%s'")
else:
#cmd.x_remove_sequence(args.zone, interfaces,
cmd.x_remove_sequence(args.zone, args.interface,
fw.removeInterface, fw.queryInterface,
None, "'%s'")
elif args.item == "source":
if args.permanent:
cmd.remove_sequence(args.source, fw_zone.removeSource,
fw_zone.querySource, cmd.parse_source,
"'%s'")
else:
cmd.x_remove_sequence(args.zone, args.source,
fw.removeSource, fw.querySource,
cmd.parse_source, "'%s'")
elif args.item == "service":
if args.permanent:
cmd.remove_sequence(args.service, fw_zone.removeService,
fw_zone.queryService, None, "'%s'")
else:
cmd.x_remove_sequence(args.zone, args.service,
fw.removeService, fw.queryService,
None, "'%s'")
elif args.item == "port":
if args.permanent:
cmd.remove_sequence(args.port,
fw_zone.removePort, fw_zone.queryPort,
cmd.parse_port, "'%s/%s'")
else:
cmd.x_remove_sequence(args.zone, args.port,
fw.removePort, fw.queryPort,
cmd.parse_port, "'%s/%s'")
elif args.item == "protocol":
if args.permanent:
cmd.remove_sequence(args.protocol,
fw_zone.removeProtocol,
fw_zone.queryProtocol,
None, "'%s'")
else:
cmd.x_remove_sequence(args.zone, args.protocol,
fw.removeProtocol, fw.queryProtocol,
None, "'%s'")
elif args.item == "source-port":
if args.permanent:
cmd.remove_sequence(args.port,
fw_zone.removeSourcePort,
fw_zone.querySourcePort,
cmd.parse_port, "'%s/%s'")
else:
cmd.x_remove_sequence(args.zone, args.port,
fw.removeSourcePort, fw.querySourcePort,
cmd.parse_port, "'%s/%s'")
elif args.item == "rich-rule":
if args.permanent:
cmd.remove_sequence(args.rich_rule, fw_zone.removeRichRule,
fw_zone.queryRichRule, None, "'%s'")
else:
cmd.x_remove_sequence(args.zone, args.rich_rule,
fw.removeRichRule,
fw.queryRichRule, None, "'%s'")
elif args.item == "masquerade":
if args.permanent:
fw_zone.removeMasquerade()
else:
fw.removeMasquerade(args.zone)
elif args.item == "forward-port":
if args.permanent:
cmd.remove_sequence(args.forward_port,
fw_zone.removeForwardPort,
fw_zone.queryForwardPort,
cmd.parse_forward_port,
"port=%s:proto=%s:toport=%s:toaddr=%s")
else:
cmd.x_remove_sequence(args.zone, args.forward_port,
fw.removeForwardPort,
fw.queryForwardPort,
cmd.parse_forward_port,
"'port=%s:proto=%s:toport=%s:toaddr=%s'")
elif args.item == "icmp-block":
if args.permanent:
cmd.remove_sequence(args.icmp_block, fw_zone.removeIcmpBlock,
fw_zone.queryIcmpBlock, None, "'%s'")
else:
cmd.x_remove_sequence(args.zone, args.icmp_block,
fw.removeIcmpBlock,
fw.queryIcmpBlock,
None, "'%s'")
elif args.item == "icmp-block-inversion":
if args.permanent:
fw_zone.removeIcmpBlockInversion()
else:
fw.removeIcmpBlockInversion(args.zone)
else:
cmd.fail("Uncaught argument")
elif args.action == "get":
if not hasattr(args, "item"):
grp_zone_get.print_help()
sys.exit(0)
if args.permanent:
if args.zone == "":
fw_zone = fw.config().getZoneByName(fw.getDefaultZone())
else:
fw_zone = fw.config().getZoneByName(args.zone)
else:
fw_zone = fw.getZoneSettings(args.zone)
if args.item == "description":
cmd.print_and_exit(fw_zone.getDescription())
elif args.item == "short":
cmd.print_and_exit(fw_zone.getShort())
else:
cmd.fail("Uncaught argument")
elif args.action == "set":
if not hasattr(args, "item"):
grp_zone_set.print_help()
sys.exit(0)
if args.permanent:
if args.zone == "":
fw_zone = fw.config().getZoneByName(fw.getDefaultZone())
else:
fw_zone = fw.config().getZoneByName(args.zone)
else:
cmd.fail("Not possible to alter runtime zone settings")
if args.item == "description":
fw_zone.setDescription(args.description)
elif args.item == "short":
fw_zone.setShort(args.short)
else:
cmd.fail("Uncaught argument")
elif args.action == "query":
if not hasattr(args, "item"):
grp_zone_query.print_help()
sys.exit(0)
if args.permanent:
if args.zone == "":
fw_zone = fw.config().getZoneByName(fw.getDefaultZone())
else:
fw_zone = fw.config().getZoneByName(args.zone)
if args.item == "interface":
if args.permanent:
cmd.query_sequence(args.interface,
fw_zone.queryInterface,
None, "'%s'")
else:
cmd.x_query_sequence(args.zone, args.interface,
fw.queryInterface,
None, "'%s'")
elif args.item == "source":
if args.permanent:
cmd.query_sequence(args.source,
fw_zone.querySource,
cmd.parse_source, "'%s'")
else:
cmd.x_query_sequence(args.zone, args.source,
fw.querySource,
cmd.parse_source, "'%s'")
elif args.item == "service":
if args.permanent:
cmd.query_sequence(args.service,
fw_zone.queryService,
None, "'%s'")
else:
cmd.x_query_sequence(args.zone, args.service,
fw.queryService,
None, "'%s'")
elif args.item == "port":
if args.permanent:
cmd.query_sequence(args.port,
fw_zone.queryPort,
cmd.parse_port, "'%s/%s'")
else:
cmd.x_query_sequence(args.zone, args.port,
fw.queryPort,
cmd.parse_port, "'%s/%s'")
elif args.item == "protocol":
if args.permanent:
cmd.query_sequence(args.protocol,
fw_zone.queryProtocol,
None, "'%s'")
else:
cmd.x_query_sequence(args.zone, args.protocol,
fw.queryProtocol,
None, "'%s'")
elif args.item == "source-port":
if args.permanent:
cmd.query_sequence(args.port,
fw.querySourcePort,
cmd.parse_port, "'%s/%s'")
else:
cmd.x_query_sequence(args.zone, args.port,
fw.querySourcePort,
cmd.parse_port, "'%s/%s'")
elif args.item == "rich-rule":
if args.permanent:
cmd.query_sequence(args.rich_rule,
fw_zone.queryRichRule, None, "'%s'")
else:
cmd.x_query_sequence(args.zone, args.rich_rule,
fw.queryRichRule, None, "'%s'")
elif args.item == "masquerade":
if args.permanent:
cmd.print_query_result(fw_zone.queryMasquerade())
else:
cmd.print_query_result(fw.queryMasquerade(args.zone))
elif args.item == "forward-port":
if args.permanent:
cmd.query_sequence(args.forward_port,
fw_zone.queryForwardPort,
cmd.parse_forward_port,
"port=%s:proto=%s:toport=%s:toaddr=%s")
else:
cmd.x_query_sequence(args.zone, args.forward_port,
fw.queryForwardPort,
cmd.parse_forward_port,
"'port=%s:proto=%s:toport=%s:toaddr=%s'")
elif args.item == "icmp-block":
if args.permanent:
cmd.query_sequence(args.icmp_block,
fw_zone.queryIcmpBlock, None, "'%s'")
else:
cmd.x_query_sequence(args.zone, args.icmp_block,
fw.queryIcmpBlock,
None, "'%s'")
elif args.item == "icmp-block-inversion":
if args.permanent:
cmd.print_query_result(fw_zone.queryIcmpBlockInversion())
else:
cmd.print_query_result(fw.queryIcmpBlockInversion(args.zone))
else:
cmd.fail("Uncaught argument")
elif args.action == "list":
if not hasattr(args, "item"):
grp_zone_list.print_help()
sys.exit(0)
if args.permanent:
if args.zone == "":
fw_zone = fw.config().getZoneByName(fw.getDefaultZone())
else:
fw_zone = fw.config().getZoneByName(args.zone)
if args.item == "interfaces":
if args.permanent:
cmd.print_and_exit(" ".join(fw_zone.getInterfaces()))
else:
cmd.print_and_exit(" ".join(fw.getInterfaces(args.zone)))
elif args.item == "sources":
if args.permanent:
cmd.print_and_exit(" ".join(fw_zone.getSources()))
else:
cmd.print_and_exit(" ".join(fw.getSources(args.zone)))
elif args.item == "services":
if args.permanent:
cmd.print_and_exit(" ".join(fw_zone.getServices()))
else:
cmd.print_and_exit(" ".join(fw.getServices(args.zone)))
elif args.item == "ports":
if args.permanent:
cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1])
for port in
fw_zone.getPorts()]))
else:
cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1])
for port in
fw.getPorts(args.zone)]))
elif args.item == "protocols":
if args.permanent:
cmd.print_and_exit(" ".join(fw_zone.getProtocols()))
else:
cmd.print_and_exit(" ".join(fw.getProtocols(args.zone)))
elif args.item == "source-ports":
if args.permanent:
cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1])
for port in
fw_zone.getSourcePorts()]))
else:
cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1])
for port in
fw.getSourcePorts(args.zone)]))
elif args.item == "rich-rules":
if args.permanent:
cmd.print_and_exit("\n".join(fw_zone.getRichRules()))
else:
cmd.print_and_exit("\n".join(fw.getRichRules(args.zone)))
elif args.item == "forward-ports":
if args.permanent:
cmd.print_and_exit(
"\n".join(["port=%s:proto=%s:toport=%s:toaddr=%s" % \
(port, protocol, toport, toaddr) for
(port, protocol, toport, toaddr) in
fw_zone.getForwardPorts()]))
else:
cmd.print_and_exit(
"\n".join(["port=%s:proto=%s:toport=%s:toaddr=%s" % \
(port, protocol, toport, toaddr) for
(port, protocol, toport, toaddr) in
fw.getForwardPorts(args.zone)]))
elif args.item == "icmp-blocks":
if args.permanent:
cmd.print_and_exit(" ".join(fw_zone.getIcmpBlocks()))
else:
cmd.print_and_exit(" ".join(fw.getIcmpBlocks(args.zone)))
else:
cmd.fail("Uncaught argument")
elif args.action == "load-defaults":
if args.permanent:
fw_zone = fw.config().getZoneByName(args.zone)
fw_zone.loadDefaults()
else:
cmd.fail("Not possible to load defaults in runtime")
else:
cmd.fail("Uncaught argument")
#############################################################################
# service
elif args.parser == "service":
if not hasattr(args, "action"):
grp_service.print_help()
sys.exit(0)
if args.action == "add":
if not hasattr(args, "item"):
grp_service_add.print_help()
sys.exit(0)
if args.permanent:
fw_service = fw.config().getServiceByName(args.service)
else:
cmd.fail("Not possible to alter runtime service settings")
if args.item == "port":
cmd.add_sequence(args.port,
fw_service.addPort, fw_service.queryPort,
cmd.parse_port, "'%s/%s'")
elif args.item == "protocol":
cmd.add_sequence(args.protocol,
fw_service.addProtocol,
fw_service.queryProtocol,
None, "'%s'")
elif args.item == "source-port":
cmd.add_sequence(args.port,
fw_service.addSourcePort,
fw_service.querySourcePort,
cmd.parse_port, "'%s/%s'")
elif args.item == "module":
cmd.add_sequence(args.module,
fw_service.addModule,
fw_service.queryModule,
None, "'%s'")
elif args.item == "destination":
cmd.add_sequence(args.destination,
fw_service.setDestination,
fw_service.queryDestination,
cmd.parse_service_destination, "%s:%s")
else:
cmd.fail("Uncaught argument")
elif args.action == "remove":
if not hasattr(args, "item"):
grp_service_remove.print_help()
sys.exit(0)
if args.permanent:
fw_service = fw.config().getServiceByName(args.service)
else:
cmd.fail("Not possible to alter runtime service settings")
if args.item == "port":
cmd.remove_sequence(args.port,
fw_service.removePort,
fw_service.queryPort,
cmd.parse_port, "'%s/%s'")
elif args.item == "protocol":
cmd.remove_sequence(args.protocol,
fw_service.removeProtocol,
fw_service.queryProtocol,
None, "'%s'")
elif args.item == "source-port":
cmd.remove_sequence(args.port,
fw_service.removeSourcePort,
fw_service.querySourcePort,
cmd.parse_port, "'%s/%s'")
elif args.item == "module":
cmd.remove_sequence(args.module,
fw_service.removeModule,
fw_service.queryModule,
None, "'%s'")
elif args.item == "destination":
cmd.remove_sequence(args.destination,
fw_service.removeDestination,
fw_service.queryDestination,
cmd.parse_service_destination, "%s:%s")
else:
cmd.fail("Uncaught argument")
elif args.action == "get":
if not hasattr(args, "item"):
grp_service_get.print_help()
sys.exit(0)
if args.permanent:
fw_service = fw.config().getServiceByName(args.service)
else:
fw_service = fw.getServiceSettings(args.service)
if args.item == "description":
cmd.print_and_exit(fw_service.getDescription())
elif args.item == "short":
cmd.print_and_exit(fw_service.getShort())
else:
cmd.fail("Uncaught argument")
elif args.action == "set":
if not hasattr(args, "item"):
grp_service_set.print_help()
sys.exit(0)
if args.permanent:
fw_service = fw.config().getServiceByName(args.service)
else:
cmd.fail("Not possible to alter runtime service settings")
if args.item == "description":
fw_service.setDescription(args.description)
elif args.item == "short":
fw_service.setShort(args.short)
else:
cmd.fail("Uncaught argument")
elif args.action == "query":
if not hasattr(args, "item"):
grp_service_query.print_help()
sys.exit(0)
if args.permanent:
fw_service = fw.config().getServiceByName(args.service)
else:
fw_service = fw.getServiceSettings(args.service)
if args.item == "port":
cmd.query_sequence(args.port,
fw_service.queryPort,
cmd.parse_port, "'%s/%s'")
elif args.item == "protocol":
cmd.query_sequence(args.protocol,
fw_service.queryProtocol,
None, "'%s'")
elif args.item == "source-port":
cmd.query_sequence(args.port,
fw.querySourcePort,
cmd.parse_port, "'%s/%s'")
elif args.item == "module":
cmd.query_sequence(args.module,
fw_service.queryModule,
None, "'%s'")
elif args.item == "destination":
cmd.query_sequence(args.destination,
fw_service.queryDestination,
cmd.parse_service_destination, "%s:%s")
else:
cmd.fail("Uncaught argument")
elif args.action == "list":
if not hasattr(args, "item"):
grp_service_list.print_help()
sys.exit(0)
if args.permanent:
fw_service = fw.config().getServiceByName(args.service)
else:
fw_service = fw.getServiceSettings(args.service)
if args.item == "ports":
cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1])
for port in
fw_service.getPorts()]))
elif args.item == "protocols":
cmd.print_and_exit(" ".join(fw_service.getProtocols()))
elif args.item == "source-ports":
cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1])
for port in
fw_service.getSourcePorts()]))
elif args.item == "modules":
cmd.print_and_exit(" ".join(fw_service.getModules()))
elif args.item == "destinations":
cmd.print_and_exit(
" ".join(["%s:%s" % (dest[0], dest[1]) for dest in
fw_service.getDestinations().items()]))
else:
cmd.fail("Uncaught argument")
elif args.action == "load-defaults":
if args.permanent:
fw_service = fw.config().getServiceByName(args.service)
fw_service.loadDefaults()
else:
cmd.fail("Not possible to load defaults in runtime")
else:
cmd.fail("Uncaught argument")
#############################################################################
# ipset
elif args.parser == "ipset":
if not hasattr(args, "action"):
grp_ipset.print_help()
sys.exit(0)
if args.action == "add":
if not hasattr(args, "item"):
grp_ipset_add.print_help()
sys.exit(0)
if args.item == "entry":
if args.permanent:
fw_ipset = fw.config().getIPSetByName(args.ipset)
cmd.add_sequence(args.entry,
fw_ipset.addEntry, fw_ipset.queryEntry,
None, "'%s'")
else:
cmd.x_add_sequence(args.ipset, args.entry,
fw.addEntry, fw.queryEntry,
None, "'%s'")
elif args.item == "entries-from-file":
if args.permanent:
fw_ipset = fw.config().getIPSetByName(args.ipset)
old_entries = fw_ipset.getEntries()
else:
old_entries = fw.getEntries(args.ipset)
changed = False
for filename in args.entries_from_file:
try:
entries = cmd.get_ipset_entries_from_file(filename)
except IOError as msg:
message = "Failed to read file '%s': %s" % (filename, msg)
if len(args.entries_from_file) > 1:
cmd.print_warning(message)
else:
cmd.print_and_exit(message)
else:
for entry in entries:
if entry not in old_entries:
old_entries.append(entry)
changed = True
else:
cmd.print_if_verbose(
"Warning: ALREADY_ENABLED: %s" % entry)
if changed:
if args.permanent:
fw_ipset.setEntries(old_entries)
else:
fw.setEntries(args.ipset, old_entries)
else:
cmd.fail("Uncaught argument")
elif args.action == "get":
if not hasattr(args, "item"):
grp_ipset_get.print_help()
sys.exit(0)
if args.permanent:
fw_ipset = fw.config().getIPSetByName(args.ipset)
else:
fw_ipset = fw.getIPSetSettings(args.ipset)
if args.item == "description":
cmd.print_and_exit(fw_ipset.getDescription())
elif args.item == "short":
cmd.print_and_exit(fw_ipset.getShort())
else:
cmd.fail("Uncaught argument")
elif args.action == "set":
if not hasattr(args, "item"):
grp_ipset_set.print_help()
sys.exit(0)
if args.permanent:
fw_ipset = fw.config().getIPSetByName(args.ipset)
else:
cmd.fail("Not possible to alter runtime ipset settings")
if args.item == "description":
fw_ipset.setDescription(args.description)
elif args.item == "short":
fw_ipset.setShort(args.short)
else:
cmd.fail("Uncaught argument")
elif args.action == "remove":
if not hasattr(args, "item"):
grp_ipset_remove.print_help()
sys.exit(0)
if args.item == "entry":
if args.permanent:
fw_ipset = fw.config().getIPSetByName(args.ipset)
cmd.remove_sequence(args.entry,
fw_ipset.removeEntry, fw_ipset.queryEntry,
None, "'%s'")
else:
cmd.x_remove_sequence(args.ipset, args.entry,
fw.removeEntry, fw.queryEntry,
None, "'%s'")
elif args.item == "entries-from-file":
if args.permanent:
fw_ipset = fw.config().getIPSetByName(args.ipset)
old_entries = fw_ipset.getEntries()
else:
old_entries = fw.getEntries(args.ipset)
changed = False
for filename in args.entries_from_file:
try:
entries = cmd.get_ipset_entries_from_file(filename)
except IOError as msg:
message = "Failed to read file '%s': %s" % (filename, msg)
if len(args.entries_from_file) > 1:
cmd.print_warning(message)
else:
cmd.print_and_exit(message)
else:
for entry in entries:
if entry in old_entries:
old_entries.remove(entry)
changed = True
else:
cmd.print_if_verbose(
"Warning: NOT_ENABLED: %s" % entry)
if changed:
if args.permanent:
fw_ipset.setEntries(old_entries)
else:
fw.setEntries(args.ipset, old_entries)
elif args.item == "all":
if args.permanent:
fw_ipset.setEntries(args.ipset, [ ])
else:
fw.setEntries(args.ipset, [ ])
else:
cmd.fail("Uncaught argument")
elif args.action == "query":
if not hasattr(args, "item"):
grp_ipset_query.print_help()
sys.exit(0)
if args.item == "entry":
if args.permanent:
fw_ipset = fw.config().getIPSetByName(args.ipset)
cmd.query_sequence(args.entry,
fw_ipset.queryEntry, None, "'%s'")
else:
cmd.x_query_sequence(args.ipset, args.entry,
fw.queryEntry, None, "'%s'")
elif args.item == "entries-from-file":
if args.permanent:
fw_ipset = fw.config().getIPSetByName(args.ipset)
old_entries = fw_ipset.getEntries()
else:
old_entries = fw.getEntries(args.ipset)
changed = False
for filename in args.entries_from_file:
try:
entries = cmd.get_ipset_entries_from_file(filename)
except IOError as msg:
message = "Failed to read file '%s': %s" % (filename, msg)
if len(args.entries_from_file) > 1:
cmd.print_warning(message)
else:
cmd.print_and_exit(message)
else:
for entry in entries:
cmd.print_msg("%s: %s" % \
(entry,
("no", "yes")[entry in old_entries]))
else:
cmd.fail("Uncaught argument")
elif args.action == "list":
if not hasattr(args, "item"):
grp_ipset_list.print_help()
sys.exit(0)
if args.item == "entries":
if args.permanent:
fw_ipset = fw.config().getIPSetByName(args.ipset)
cmd.print_and_exit("\n".join(fw_ipset.getEntries()))
else:
cmd.print_and_exit("\n".join(fw.getEntries(args.ipset)))
else:
cmd.fail("Uncaught argument")
elif args.action == "load-defaults":
if args.permanent:
fw_ipset = fw.config().getIPSetByName(args.ipset)
fw_ipset.loadDefaults()
else:
cmd.fail("Not possible to load defaults in runtime")
else:
cmd.fail("Uncaught argument")
#############################################################################
# helper
elif args.parser == "helper":
if not hasattr(args, "action"):
grp_helper.print_help()
sys.exit(0)
if args.action == "add":
if not hasattr(args, "item"):
grp_helper_add.print_help()
sys.exit(0)
if args.permanent:
fw_helper = fw.config().getHelperByName(args.helper)
else:
cmd.fail("Not possible to alter runtime helper settings")
if args.item == "port":
cmd.add_sequence(args.port,
fw_helper.addPort, fw_helper.queryPort,
cmd.parse_port, "'%s/%s'")
else:
cmd.fail("Uncaught argument")
elif args.action == "remove":
if not hasattr(args, "item"):
grp_helper_remove.print_help()
sys.exit(0)
if args.permanent:
fw_helper = fw.config().getHelperByName(args.helper)
else:
cmd.fail("Not possible to alter runtime helper settings")
if args.item == "port":
cmd.remove_sequence(args.port,
fw_helper.removePort,
fw_helper.queryPort,
cmd.parse_port, "'%s/%s'")
else:
cmd.fail("Uncaught argument")
elif args.action == "get":
if not hasattr(args, "item"):
grp_helper_get.print_help()
sys.exit(0)
if args.permanent:
fw_helper = fw.config().getHelperByName(args.helper)
else:
fw_helper = fw.getHelperSettings(args.helper)
if args.item == "description":
cmd.print_and_exit(fw_helper.getDescription())
elif args.item == "family":
cmd.print_and_exit(fw_helper.getFamily())
elif args.item == "module":
cmd.print_and_exit(fw_helper.getModule())
elif args.item == "short":
cmd.print_and_exit(fw_helper.getShort())
else:
cmd.fail("Uncaught argument")
elif args.action == "set":
if not hasattr(args, "item"):
grp_helper_set.print_help()
sys.exit(0)
if args.permanent:
fw_helper = fw.config().getHelperByName(args.helper)
else:
cmd.fail("Not possible to alter runtime helper settings")
if args.item == "description":
fw_helper.setDescription(args.description)
elif args.item == "family":
fw_helper.setFamily(cmd.check_helper_family(args.family))
elif args.item == "module":
fw_helper.setModule(cmd.check_module(args.module))
elif args.item == "short":
fw_helper.setShort(args.short)
else:
cmd.fail("Uncaught argument")
elif args.action == "query":
if not hasattr(args, "item"):
grp_helper_query.print_help()
sys.exit(0)
if args.permanent:
fw_helper = fw.config().getHelperByName(args.helper)
else:
fw_helper = fw.getHelperSettings(args.helper)
if args.item == "port":
cmd.query_sequence(args.port,
fw_helper.queryPort,
cmd.parse_port, "'%s/%s'")
else:
cmd.fail("Uncaught argument")
elif args.action == "list":
if not hasattr(args, "item"):
grp_helper_list.print_help()
sys.exit(0)
if args.permanent:
fw_helper = fw.config().getHelperByName(args.helper)
else:
fw_helper = fw.getHelperSettings(args.helper)
if args.item == "ports":
cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1])
for port in
fw_helper.getPorts()]))
else:
cmd.fail("Uncaught argument")
elif args.action == "load-defaults":
if args.permanent:
fw_helper = fw.config().getHelperByName(args.helper)
fw_helper.loadDefaults()
else:
cmd.fail("Not possible to load defaults in runtime")
else:
cmd.fail("Uncaught argument")
#############################################################################
# icmptype
elif args.parser == "icmptype":
if not hasattr(args, "action"):
grp_icmptype.print_help()
sys.exit(0)
if args.action == "add":
if not hasattr(args, "item"):
grp_icmptype_add.print_help()
sys.exit(0)
if args.permanent:
fw_icmptype = fw.config().getIcmpTypeByName(args.icmptype)
else:
cmd.fail("Not possible to alter runtime icmptype settings")
if args.item == "destination":
cmd.add_sequence(args.destination,
fw_icmptype.addDestination,
fw_icmptype.queryDestination,
cmd.check_destination_ipv, "'%s'")
else:
cmd.fail("Uncaught argument")
elif args.action == "remove":
if not hasattr(args, "item"):
grp_icmptype_remove.print_help()
sys.exit(0)
if args.permanent:
fw_icmptype = fw.config().getIcmpTypeByName(args.icmptype)
else:
cmd.fail("Not possible to alter runtime icmptype settings")
if args.item == "destination":
cmd.remove_sequence(args.destination,
fw_icmptype.removeDestination,
fw_icmptype.queryDestination,
cmd.check_destination_ipv, "'%s'")
else:
cmd.fail("Uncaught argument")
elif args.action == "get":
if not hasattr(args, "item"):
grp_icmptype_get.print_help()
sys.exit(0)
if args.permanent:
fw_icmptype = fw.config().getIcmpTypeByName(args.icmptype)
else:
fw_icmptype = fw.getIcmpTypeSettings(args.icmptype)
if args.item == "description":
cmd.print_and_exit(fw_icmptype.getDescription())
elif args.item == "short":
cmd.print_and_exit(fw_icmptype.getShort())
else:
cmd.fail("Uncaught argument")
elif args.action == "set":
if not hasattr(args, "item"):
grp_icmptype_set.print_help()
sys.exit(0)
if args.permanent:
fw_icmptype = fw.config().getIcmpTypeByName(args.icmptype)
else:
cmd.fail("Not possible to alter runtime icmptype settings")
if args.item == "description":
fw_icmptype.setDescription(args.description)
elif args.item == "short":
fw_icmptype.setShort(args.short)
else:
cmd.fail("Uncaught argument")
elif args.action == "query":
if not hasattr(args, "item"):
grp_icmptype_query.print_help()
sys.exit(0)
if args.permanent:
fw_icmptype = fw.config().getIcmpTypeByName(args.icmptype)
else:
fw_icmptype = fw.getIcmpTypeSettings(args.icmptype)
if args.item == "destination":
cmd.query_sequence(args.destination,
fw_icmptype.queryDestination,
cmd.check_destination_ipv, "'%s'")
else:
cmd.fail("Uncaught argument")
elif args.action == "list":
if not hasattr(args, "item"):
grp_icmptype_list.print_help()
sys.exit(0)
if args.permanent:
fw_icmptype = fw.config().getIcmpTypeByName(args.icmptype)
else:
fw_icmptype = fw.getIcmpTypeSettings(args.icmptype)
if args.item == "destinations":
items = fw_icmptype.getDestinations()
if len(items) < 1:
items = [ "ipv4", "ipv6" ]
cmd.print_and_exit(" ".join(items))
else:
cmd.fail("Uncaught argument")
elif args.action == "load-defaults":
if args.permanent:
fw_icmptype = fw.config().getIcmpTypeByName(args.icmptype)
fw_icmptype.loadDefaults()
else:
cmd.fail("Not possible to load defaults in runtime")
else:
cmd.fail("Uncaught argument")
#############################################################################
# new
elif args.parser == "new":
if not hasattr(args, "action"):
grp_new.print_help()
sys.exit(0)
if not args.permanent:
cmd.fail("Not possible to use new in runtime environment")
if args.action == "zone":
if args.name is None and args.filename is None:
cmd.fail("Missing option: -n <name> | -f <filename> [-n <name>]")
elif args.filename is not None:
filename = os.path.basename(args.filename)
dirname = os.path.dirname(args.filename)
if dirname == "":
dirname = "./"
try:
obj = zone_reader(filename, dirname)
except FirewallError as msg:
cmd.fail("Failed to load zone file '%s': %s" % \
(args.filename, msg))
except IOError as msg:
cmd.fail("Failed to load zone file: %s" % msg)
if args.name:
obj.name = args.name
config = fw.config()
config.addZone(obj.name, obj.export_config())
else:
config = fw.config()
config.addZone(args.name, FirewallClientZoneSettings())
elif args.action == "service":
if args.name is None and args.filename is None:
cmd.fail("Missing option: -n <name> | -f <filename> [-n <name>]")
elif args.filename is not None:
filename = os.path.basename(args.filename)
dirname = os.path.dirname(args.filename)
if dirname == "":
dirname = "./"
try:
obj = service_reader(filename, dirname)
except FirewallError as msg:
cmd.fail("Failed to load service file '%s': %s" % \
(args.filename, msg))
except IOError as msg:
cmd.fail("Failed to load service file: %s" % msg)
if args.name:
obj.name = args.name
config = fw.config()
config.addService(obj.name, obj.export_config())
else:
config = fw.config()
config.addService(args.name, FirewallClientServiceSettings())
elif args.action == "ipset":
if args.filename is None and (args.name is None or args.type is None):
cmd.fail("Missing option: -n <name> -t <ipsettype> | "
"-f <filename> [-n <name>]")
elif args.filename is not None:
filename = os.path.basename(args.filename)
dirname = os.path.dirname(args.filename)
if dirname == "":
dirname = "./"
try:
obj = ipset_reader(filename, dirname)
except FirewallError as msg:
cmd.fail("Failed to load ipset file '%s': %s" % \
(args.filename, msg))
except IOError as msg:
cmd.fail("Failed to load ipset file: %s" % msg)
if args.name:
obj.name = args.name
config = fw.config()
config.addIPSet(obj.name, obj.export_config())
else:
settings = FirewallClientIPSetSettings()
settings.setType(args.type)
if args.option:
for opt in args.option:
settings.addOption(*cmd.parse_ipset_option(opt))
config = fw.config()
config.addIPSet(args.name, settings)
elif args.action == "helper":
if args.name is None and args.filename is None:
cmd.fail("Missing option: -n <name> | -f <filename> [-n <name>]")
elif args.filename is not None:
filename = os.path.basename(args.filename)
dirname = os.path.dirname(args.filename)
if dirname == "":
dirname = "./"
try:
obj = helper_reader(filename, dirname)
except FirewallError as msg:
cmd.fail("Failed to load helper file '%s': %s" % \
(args.filename, msg))
except IOError as msg:
cmd.fail("Failed to load helper file: %s" % msg)
if args.name:
obj.name = args.name
config = fw.config()
config.addHelper(obj.name, obj.export_config())
else:
config = fw.config()
config.addHelper(args.name, FirewallClientHelperSettings())
elif args.action == "icmptype":
if args.name is None and args.filename is None:
cmd.fail("Missing option: -n <name> | -f <filename> [-n <name>]")
elif args.filename is not None:
filename = os.path.basename(args.filename)
dirname = os.path.dirname(args.filename)
if dirname == "":
dirname = "./"
try:
obj = icmptype_reader(filename, dirname)
except FirewallError as msg:
cmd.fail("Failed to load icmptype file '%s': %s" % \
(args.filename, msg))
except IOError as msg:
cmd.fail("Failed to load icmptype file: %s" % msg)
if args.name:
obj.name = args.name
config = fw.config()
config.addIcmpType(obj.name, obj.export_config())
else:
config = fw.config()
config.addIcmpType(args.name, FirewallClientIcmpTypeSettings())
else:
cmd.fail("Uncaught argument")
#############################################################################
# delete
elif args.parser == "delete":
if not hasattr(args, "action"):
grp_delete.print_help()
sys.exit(0)
if not args.permanent:
cmd.fail("Not possible to use delete in runtime environment")
if args.action == "zone":
zone = fw.config().getZoneByName(args.zone)
zone.remove()
elif args.action == "service":
service = fw.config().getServiceByName(args.service)
service.remove()
elif args.action == "ipset":
ipset = fw.config().getIPSetByName(args.ipset)
ipset.remove()
elif args.action == "helper":
helper = fw.config().getHelperByName(args.helper)
helper.remove()
elif args.action == "icmptype":
icmptype = fw.config().getIcmpTypeByName(args.icmptype)
icmptype.remove()
else:
cmd.fail("Uncaught argument")
#############################################################################
# direct
elif args.parser == "direct":
if not hasattr(args, "action"):
grp_direct.print_help()
sys.exit(0)
if args.action == "add":
if not hasattr(args, "item"):
grp_direct_add.print_help()
sys.exit(0)
if args.permanent:
fw_direct = fw.config().direct()
if args.item == "chain":
if args.permanent:
fw_direct.addChain(cmd.check_ipv(args.chain[0]),
args.chain[1], args.chain[2])
else:
fw.addChain(cmd.check_ipv(args.chain[0]), args.chain[1],
args.chain[2])
elif args.item == "rule":
failure_msg = "usage: direct add rule { ipv4 | ipv6 | eb }" + \
" <table> <chain> <priority> <args>"
if len(args.rule) < 5:
cmd.fail(failure_msg)
try:
priority = int(args.rule[3])
except ValueError:
cmd.fail(failure_msg)
if args.permanent:
fw_direct.addRule(cmd.check_ipv(args.rule[0]), args.rule[1],
args.rule[2], priority,
splitArgs(args.rule[4]))
else:
fw.addRule(cmd.check_ipv(args.rule[0]), args.rule[1],
args.rule[2], priority, splitArgs(args.rule[4]))
elif args.item == "passthrough":
if len(args.passthrough) < 2:
cmd.fail("usage: direct add passthrough "
"{ ipv4 | ipv6 | eb } <args>")
if args.permanent:
cmd.print_msg(
fw_direct.addPassthrough(cmd.check_ipv(args.passthrough[0]),
splitArgs(args.passthrough[1])))
else:
cmd.print_msg(
fw.addPassthrough(cmd.check_ipv(args.passthrough[0]),
splitArgs(args.passthrough[1])))
else:
cmd.fail("Uncaught argument")
elif args.action == "query":
if not hasattr(args, "item"):
grp_direct_query.print_help()
sys.exit(0)
if args.permanent:
fw_direct = fw.config().direct()
if args.item == "chain":
if args.permanent:
cmd.print_query_result(
fw_direct.queryChain(cmd.check_ipv(args.chain[0]),
args.chain[1], args.chain[2]))
else:
cmd.print_query_result(
fw.queryChain(cmd.check_ipv(args.chain[0]), args.chain[1],
args.chain[2]))
elif args.item == "rule":
failure_msg = "usage: direct query rule { ipv4 | ipv6 | eb }" + \
" <table> <chain> <priority> <args>"
if len(args.rule) < 5:
cmd.fail(failure_msg)
try:
priority = int(args.rule[3])
except ValueError:
cmd.fail(failure_msg)
if args.permanent:
cmd.print_query_result(
fw_direct.queryRule(cmd.check_ipv(args.rule[0]),
args.rule[1], args.rule[2], priority,
splitArgs(args.rule[4])))
else:
cmd.print_query_result(
fw.queryRule(cmd.check_ipv(args.rule[0]), args.rule[1],
args.rule[2], priority,
splitArgs(args.rule[4])))
elif args.item == "passthrough":
if len(args.passthrough) < 2:
cmd.fail("usage: direct query passthrough "
"{ ipv4 | ipv6 | eb } <args>")
if args.permanent:
cmd.print_query_result(
fw_direct.queryPassthrough(
cmd.check_ipv(args.passthrough[0]),
splitArgs(args.passthrough[1])))
else:
cmd.print_query_result(
fw.queryPassthrough(cmd.check_ipv(args.passthrough[0]),
splitArgs(args.passthrough[1])))
else:
cmd.fail("Uncaught argument")
elif args.action == "remove":
if not hasattr(args, "item"):
grp_direct_remove.print_help()
sys.exit(0)
if args.permanent:
fw_direct = fw.config().direct()
if args.item == "chain":
if args.permanent:
fw_direct.removeChain(cmd.check_ipv(args.chain[0]),
args.chain[1], args.chain[2])
else:
fw.removeChain(cmd.check_ipv(args.chain[0]), args.chain[1],
args.chain[2])
elif args.item == "rule":
failure_msg = "usage: direct remove rule { ipv4 | ipv6 | eb }" + \
" <table> <chain> <priority> <args>"
if len(args.rule) < 5:
cmd.fail(failure_msg)
try:
priority = int(args.rule[3])
except ValueError:
cmd.fail(failure_msg)
if args.permanent:
fw_direct.removeRule(cmd.check_ipv(args.rule[0]), args.rule[1],
args.rule[2], priority,
splitArgs(args.rule[4]))
else:
fw.removeRule(cmd.check_ipv(args.rule[0]), args.rule[1],
args.rule[2], priority, splitArgs(args.rule[4]))
elif args.item == "passthrough":
if len(args.passthrough) < 2:
cmd.fail("usage: direct remove passthrough "
"{ ipv4 | ipv6 | eb } <args>")
if args.permanent:
fw_direct.removePassthrough(cmd.check_ipv(args.passthrough[0]),
splitArgs(args.passthrough[1]))
else:
fw.removePassthrough(cmd.check_ipv(args.passthrough[0]),
splitArgs(args.passthrough[1]))
else:
cmd.fail("Uncaught argument")
elif args.action == "passthrough":
if len(args.passthrough) < 2:
cmd.fail("usage: direct passthrough { ipv4 | ipv6 | eb } <args>")
msg = fw.passthrough(cmd.check_ipv(args.passthrough[0]),
splitArgs(args.passthrough[1]))
if msg:
sys.stdout.write(msg + "\n")
elif args.action == "get":
if not hasattr(args, "item"):
grp_direct_add.print_help()
sys.exit(0)
if args.permanent:
fw_direct = fw.config().direct()
if args.item == "all-chains":
if args.permanent:
chains = fw_direct.getAllChains()
for (ipv, table, chain) in chains:
cmd.print_msg("%s %s %s" % (ipv, table, chain))
sys.exit(0)
else:
chains = fw.getAllChains()
for (ipv, table, chain) in chains:
cmd.print_msg("%s %s %s" % (ipv, table, chain))
sys.exit(0)
if args.item == "chains":
if args.permanent:
cmd.print_and_exit(" ".join(fw_direct.getChains(
cmd.check_ipv(args.chains[0]),
args.chains[1])))
else:
cmd.print_and_exit(
" ".join(fw.getChains(cmd.check_ipv(args.chains[0]),
args.chains[1])))
elif args.item == "all-rules":
if args.permanent:
rules = fw_direct.getAllRules()
for (ipv, table, chain, priority, rule) in rules:
cmd.print_msg("%s %s %s %d %s" % \
(ipv, table, chain, priority,
joinArgs(rule)))
sys.exit(0)
else:
rules = fw.getAllRules()
for (ipv, table, chain, priority, rule) in rules:
cmd.print_msg("%s %s %s %d %s" % \
(ipv, table, chain, priority,
joinArgs(rule)))
sys.exit(0)
elif args.item == "rules":
if args.permanent:
rules = fw_direct.getRules(cmd.check_ipv(args.rules[0]),
args.rules[1], args.rules[2])
for (priority, rule) in rules:
cmd.print_msg("%d %s" % (priority, joinArgs(rule)))
sys.exit(0)
else:
rules = fw.getRules(cmd.check_ipv(args.rules[0]),
args.rules[1], args.rules[2])
for (priority, rule) in rules:
cmd.print_msg("%d %s" % (priority, joinArgs(rule)))
sys.exit(0)
elif args.item == "all-passthroughs":
if args.permanent:
for (ipv, rule) in fw_direct.getAllPassthroughs():
cmd.print_msg("%s %s" % (ipv, joinArgs(rule)))
sys.exit(0)
else:
for (ipv, rule) in fw.getAllPassthroughs():
cmd.print_msg("%s %s" % (ipv, joinArgs(rule)))
sys.exit(0)
elif args.item == "passthroughs":
if args.permanent:
rules = fw_direct.getPassthroughs(cmd.check_ipv(
args.passthroughs[0]))
for rule in rules:
cmd.print_msg(joinArgs(rule))
sys.exit(0)
else:
rules = fw.getPassthroughs(cmd.check_ipv(args.passthroughs[0]))
for rule in rules:
cmd.print_msg(joinArgs(rule))
sys.exit(0)
else:
cmd.fail("Uncaught argument")
else:
cmd.fail("Uncaught argument")
#############################################################################
# lockdown
elif args.parser == "lockdown-whitelist":
if not hasattr(args, "action"):
grp_lockdown_whitelist.print_help()
sys.exit(0)
if args.action == "add":
if not hasattr(args, "item"):
grp_lockdown_whitelist_add.print_help()
sys.exit(0)
if args.permanent:
fw_policies = fw.config().policies()
else:
fw_policies = fw
if args.item == "command":
cmd.add_sequence(args.command,
fw_policies.addLockdownWhitelistCommand,
fw_policies.queryLockdownWhitelistCommand,
None, "'%s'")
elif args.item == "context":
cmd.add_sequence(args.context,
fw_policies.addLockdownWhitelistContext,
fw_policies.queryLockdownWhitelistContext,
None, "'%s'")
elif args.item == "uid":
cmd.add_sequence(args.uid,
fw_policies.addLockdownWhitelistUid,
fw_policies.queryLockdownWhitelistUid,
None, "'%s'")
elif args.item == "user":
cmd.add_sequence(args.user,
fw_policies.addLockdownWhitelistUser,
fw_policies.queryLockdownWhitelistUser,
None, "'%s'")
else:
cmd.fail("Uncaught argument")
elif args.action == "query":
if not hasattr(args, "item"):
grp_lockdown_whitelist_query.print_help()
sys.exit(0)
if args.permanent:
fw_policies = fw.config().policies()
else:
fw_policies = fw
if args.item == "command":
cmd.query_sequence(args.command,
fw_policies.queryLockdownWhitelistCommand,
None, "'%s'")
elif args.item == "context":
cmd.query_sequence(args.context,
fw_policies.queryLockdownWhitelistContext,
None, "'%s'")
elif args.item == "uid":
cmd.query_sequence(args.uid,
fw_policies.queryLockdownWhitelistUid,
None, "'%s'")
elif args.item == "user":
cmd.query_sequence(args.user,
fw_policies.queryLockdownWhitelistUser,
None, "'%s'")
else:
cmd.fail("Uncaught argument")
elif args.action == "remove":
if not hasattr(args, "item"):
grp_lockdown_whitelist_remove.print_help()
sys.exit(0)
if args.permanent:
fw_policies = fw.config().policies()
else:
fw_policies = fw
if args.item == "command":
cmd.remove_sequence(args.command,
fw_policies.removeLockdownWhitelistCommand,
fw_policies.queryLockdownWhitelistCommand,
None, "'%s'")
elif args.item == "context":
cmd.remove_sequence(args.context,
fw_policies.removeLockdownWhitelistContext,
fw_policies.queryLockdownWhitelistContext,
None, "'%s'")
elif args.item == "uid":
cmd.remove_sequence(args.uid,
fw_policies.removeLockdownWhitelistUid,
fw_policies.queryLockdownWhitelistUid,
None, "'%s'")
elif args.item == "user":
cmd.remove_sequence(args.user,
fw_policies.removeLockdownWhitelistUser,
fw_policies.queryLockdownWhitelistUser,
None, "'%s'")
else:
cmd.fail("Uncaught argument")
elif args.action == "list":
if not hasattr(args, "item"):
grp_lockdown_whitelist_list.print_help()
sys.exit(0)
if args.permanent:
fw_policies = fw.config().policies()
else:
fw_policies = fw
if args.item == "commands":
cmd.print_and_exit("\n".join(
fw_policies.getLockdownWhitelistCommands()))
elif args.item == "contexts":
cmd.print_and_exit("\n".join(
fw_policies.getLockdownWhitelistContexts()))
elif args.item == "uids":
cmd.print_and_exit("\n".join(map(
str, fw_policies.getLockdownWhitelistUids())))
elif args.item == "users":
cmd.print_and_exit("\n".join(
fw_policies.getLockdownWhitelistUsers()))
else:
cmd.fail("Uncaught argument")
else:
cmd.fail("Uncaught argument")
#############################################################################
# config
elif args.parser == "config":
if not hasattr(args, "action"):
grp_config.print_help()
sys.exit(0)
if args.action == "get":
if not hasattr(args, "item"):
grp_config_get.print_help()
sys.exit(0)
if args.item == "default-zone":
cmd.print_and_exit(fw.getDefaultZone())
elif args.item == "lockdown":
cmd.print_query_result(fw.queryLockdown())
elif args.item == "log-denied":
cmd.print_and_exit(fw.getLogDenied())
elif args.item == "panic":
cmd.print_query_result(fw.queryPanicMode())
else:
cmd.fail("Uncaught argument")
elif args.action == "list":
cmd.print_msg("default-zone %s" % fw.getDefaultZone())
cmd.print_msg("lockdown %s" % ("no", "yes")[fw.queryLockdown()])
cmd.print_msg("log-denied %s" % fw.getLogDenied())
cmd.print_msg("panic %s" % ("no", "yes")[fw.queryPanicMode()])
sys.exit(0)
elif args.action == "set":
if not hasattr(args, "item"):
grp_config_set.print_help()
sys.exit(0)
if args.item == "default-zone":
fw.setDefaultZone(args.default_zone)
elif args.item == "lockdown":
if args.lockdown in [ "yes", "on" ]:
fw.config().set_property("Lockdown", "yes")
fw.enableLockdown()
elif args.lockdown in [ "no", "off" ]:
fw.config().set_property("Lockdown", "no")
fw.disableLockdown()
else:
cmd.fail("Bad argument")
elif args.item == "log-denied":
fw.setLogDenied(args.log_denied)
elif args.item == "panic":
if args.panic in [ "yes", "on" ]:
fw.enablePanicMode()
elif args.panic in [ "no", "off" ]:
fw.disablePanicMode()
else:
cmd.fail("Bad argument")
else:
cmd.fail("Uncaught argument")
else:
cmd.fail("Uncaught argument")
#############################################################################
# settings
elif args.parser == "settings":
if not hasattr(args, "action"):
grp_settings.print_help()
sys.exit(0)
if args.action == "get":
if not hasattr(args, "item"):
grp_settings_get.print_help()
sys.exit(0)
if args.item == "BRIDGE":
cmd.print_and_exit(("no", "yes")[fw.get_property(args.item)])
elif args.item == "CleanupOnExit":
cmd.print_and_exit(fw.config().get_property(args.item))
elif args.item == "IPSet":
cmd.print_and_exit(("no", "yes")[fw.get_property(args.item)])
elif args.item == "IPSetTypes":
cmd.print_and_exit(" ".join(fw.get_property(args.item)))
elif args.item == "IPv4":
cmd.print_and_exit(("no", "yes")[fw.get_property(args.item)])
elif args.item == "IPv6":
cmd.print_and_exit(("no", "yes")[fw.get_property(args.item)])
elif args.item == "IPv6_rpfilter":
cmd.print_and_exit(("no", "yes")[fw.get_property(args.item)])
elif args.item == "IndividualCalls":
cmd.print_and_exit(fw.config().get_property(args.item))
elif args.item == "MinimalMark":
cmd.print_and_exit(fw.config().get_property(args.item))
else:
cmd.fail("Uncaught argument")
elif args.action == "list":
props = [ "BRIDGE", "IndividualCalls","IPSet", "IPSetTypes", "IPv4",
"IPv6", "IPv6_rpfilter", "CleanupOnExit", "MinimalMark" ]
l = len(max(props, key=len))
for x in sorted(props):
if x in [ "CleanupOnExit", "MinimalMark", "IndividualCalls" ]:
prop = fw.config().get_property(x)
else:
prop = fw.get_property(x)
if isinstance(prop, list):
prop = " ".join(prop)
elif isinstance(prop, bool):
prop = ("no", "yes")[prop]
cmd.print_msg("%s %s" % (x.ljust(l), prop))
sys.exit(0)
else:
cmd.fail("Uncaught argument")
else:
cmd.fail("Uncaught argument")
# final success
cmd.print_and_exit("success")