update-firewall-source.py

@@ -22,6 +22,8 @@ import inflect
 import dbus
 # Find physical network interface via 'find' command
 import subprocess
+# Diff new and existing firewalld direct rules XML structure
+import difflib
 
 
 # Exit codes
@@ -553,6 +555,29 @@ def add_firewall_shim(arg_phy_nics: list) -> None:
                     )
 
 
+def has_xml_changed(
+        config_obj: configparser.ConfigParser()) -> bool:
+    arg_fwd_file_abs = os.path.abspath(config_obj.get(configparser.DEFAULTSECT, "firewalld_direct_file_abs"))
+
+    try:
+        with open(arg_fwd_file_abs, "r") as fwd_file_abs_handle:
+            fwd_file_abs_content = fwd_file_abs_handle.read()
+            fwd_direct_xml_str = get_xml_str_repr()
+            diff_result = difflib.Differ().compare(fwd_file_abs_content.splitlines(), fwd_direct_xml_str.splitlines())
+            s = difflib.SequenceMatcher(isjunk=None, a=fwd_file_abs_content, b=fwd_direct_xml_str, autojunk=False)
+    except OSError as ose:
+        ose_handler(os_error=ose, exit_code=5)
+        sys.exit(5)
+    else:
+        if s.ratio() < 1:
+            nl = "\n"
+            log.info(f"Changing firewalld rules. Diff as follows:\n"
+                     f"""{nl.join(diff_result)}""")
+            return True
+        else:
+            return False
+
+
 if __name__ == '__main__':
     validate_default_section(config)
     if config_has_valid_section(config):
@@ -589,6 +614,7 @@ if __name__ == '__main__':
                 arg_state="ESTABLISHED,RELATED")
     add_firewall_shim(get_phy_nics())
 
+    if has_xml_changed(config):
         write_new_fwd_direct_xml(config)
         if config.getboolean(configparser.DEFAULTSECT, "restart_firewalld_after_change"):
             restart_systemd_firewalld()