Quico/update-firewall-source
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge branch 'cleanup'

Browse Source
This commit is contained in:
hygienic-books 2022-07-05 17:28:00 +02:00
commit f0516806da
1 changed files with 7 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
update-firewall-source.py
View File

@ -29,7 +29,7 @@ import subprocess
# 2 : Config file invalid, sections must define at least CONST.CFG_MANDATORY # 2 : Config file invalid, sections must define at least CONST.CFG_MANDATORY
# 3 : Performing a firewalld rules check failed # 3 : Performing a firewalld rules check failed
# 4 : Performing a firewalld rules encountered a FileNotFoundError # 4 : Performing a firewalld rules encountered a FileNotFoundError
# 5 : Unable to open firewalld direct rules file # 5 : Unable to open firewalld direct rules file for reading
# 6 : Source and destination are identical when attempting to back up firewalld direct rules file # 6 : Source and destination are identical when attempting to back up firewalld direct rules file
# 7 : An option that must have a non-null value is either unset or null # 7 : An option that must have a non-null value is either unset or null
# 8 : Exception while adding a chain XML element to firewalld direct rules # 8 : Exception while adding a chain XML element to firewalld direct rules
@ -289,7 +289,7 @@ def add_rule_elem(
prio: int, prio: int,
target: str, target: str,
/, *, /, *,
arg_section_name: str = None, arg_section: str = None,
arg_proto: str = None, arg_proto: str = None,
arg_state: str = None, arg_state: str = None,
arg_ports: list = None, arg_ports: list = None,
@ -311,8 +311,7 @@ def add_rule_elem(
f"""{"--match multiport --destination-ports " + ",".join(arg_ports) + " " if arg_ports else ""}""" \ f"""{"--match multiport --destination-ports " + ",".join(arg_ports) + " " if arg_ports else ""}""" \
f"""{"--source " + arg_address + " " if arg_address else ""}""" \ f"""{"--source " + arg_address + " " if arg_address else ""}""" \
f"""--jump {target}""" \ f"""--jump {target}""" \
f""" f"""{" --match comment --comment " + chr(34) + arg_section[:256] + chr(34) if arg_section else ""}"""
{" --match comment --comment " + chr(34) + arg_section_name[:256] + chr(34) if arg_section_name else ""}"""
except lxml.etree.LxmlError as le: except lxml.etree.LxmlError as le:
log.error(f"""Failed to add XML '<rule ipv=f"{address_family}" .../>'\n""" log.error(f"""Failed to add XML '<rule ipv=f"{address_family}" .../>'\n"""
f"Verbatim exception was:\n" f"Verbatim exception was:\n"
@ -386,7 +385,7 @@ def add_fw_rule_to_xml(
address_family, address_family,
rules_already_added[address_family], rules_already_added[address_family],
target, target,
arg_section_name=section_name, arg_section=section_name,
arg_proto=proto, arg_proto=proto,
arg_state=config_obj.get(section_name, "state"), arg_state=config_obj.get(section_name, "state"),
arg_ports=ports, arg_ports=ports,
@ -402,7 +401,7 @@ def add_fw_rule_to_xml(
address_family, address_family,
rules_already_added[address_family], rules_already_added[address_family],
target, target,
arg_section_name=section_name, arg_section=section_name,
arg_proto=proto, arg_proto=proto,
arg_state=config_obj.get(section_name, "state"), arg_state=config_obj.get(section_name, "state"),
arg_ports=ports) arg_ports=ports)
@ -503,10 +502,8 @@ def write_new_fwd_direct_xml(
config_obj: configparser.ConfigParser()) -> bool: config_obj: configparser.ConfigParser()) -> bool:
global arg_fw_rule_data global arg_fw_rule_data
fwd_direct_xml_str = lxml.etree.tostring(arg_fw_rule_data, fwd_direct_xml_str = get_xml_str_repr()
pretty_print=True,
encoding="UTF-8",
xml_declaration=True).decode()
try: try:
with open(config_obj.get(configparser.DEFAULTSECT, "firewalld_direct_abs"), "r+") as fwd_file_handle: with open(config_obj.get(configparser.DEFAULTSECT, "firewalld_direct_abs"), "r+") as fwd_file_handle:
log.info(f"Writing new firewalld direct config ...") log.info(f"Writing new firewalld direct config ...")