shell bypass 403

Cubjrnet7 Shell

: /usr/lib/python3.9/site-packages/firewall/server/__pycache__/ [ drwxr-xr-x ]
upload mass deface mass delete console info server

name : config.cpython-39.opt-1.pyc
a

���gt�@sLddlZddlZddlZddlmZddlmZddlmZddl	m
Z
ddlmZddl
mZmZmZmZmZmZddlmZdd	lmZdd
lmZddlmZddlmZdd
lmZddl m!Z!ddl"m#Z#ddl$m%Z%ddl&m'Z'ddl(m)Z)ddl*m+Z+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2ddlm3Z3ddl4m5Z5Gdd�de�Z6dS)�N)�config)�DEFAULT_ZONE_TARGET)�Watcher)�log)�DbusServiceObject)�handle_exceptions�dbus_handle_exceptions�dbus_service_method�dbus_service_method_deprecated�dbus_service_signal_deprecated�dbus_polkit_require_auth)�FirewallDConfigIcmpType)�FirewallDConfigService)�FirewallDConfigZone)�FirewallDConfigPolicy)�FirewallDConfigIPSet)�FirewallDConfigHelper)�IcmpType)�IPSet)�Helper)�LockdownWhitelist)�Direct)�dbus_to_python�command_of_sender�context_of_sender�
uid_of_sender�user_of_uid�%dbus_introspection_prepare_properties�!dbus_introspection_add_properties�!dbus_introspection_add_deprecated)�errors)�
FirewallErrorcseZdZdZdZejjZe	�fdd��Z
e	dd��Ze	dd��Ze	d	d
��Z
e	dd��Ze	d
d��Ze	dd��Ze	dd��Ze	dd��Ze	dd��Ze	dd��Ze	dd��Ze	dd��Ze	dd��Ze	dd ��Ze	d!d"��Ze	d#d$��Ze	d%d&��Ze	d'd(��Ze	d)d*��Ze	d+d,��Ze	d-d.��Ze	d/d0��Z e!d1d2��Z"e!d3d4��Z#e!d5d6��Z$e%ej&d7d8d9�e!d�d;d<���Z'e%ej&d=d>d9�e!d�d?d@���Z(e)ejj�e%ej&dAdB�e!d�dCdD����Z*ej+j,ej&dEdF�dGdH��Z-e)ejj.�e%ej/d=dI�e!d�fdJdK�	���Z0e%ejj1e2j3dI�e!d�dLdM���Z4e%ejj1e2j3dB�e!d�dNdO���Z5ej+�,ejj1�e!dPdQ���Z6e%ejj1d=dB�e!d�dRdS���Z7e%ejj1d=dB�e!d�dTdU���Z8e%ejj1d=dVd9�e!d�dWdX���Z9e%ejj1dYdI�e!d�dZd[���Z:e%ejj1d=dB�e!d�d\d]���Z;e%ejj1d=dB�e!d�d^d_���Z<e%ejj1d=dVd9�e!d�d`da���Z=e%ejj1dYdI�e!d�dbdc���Z>e%ejj1d=dB�e!d�ddde���Z?e%ejj1d=dB�e!d�dfdg���Z@e%ejj1d=dVd9�e!d�dhdi���ZAe%ejj1dYdI�e!d�djdk���ZBe%ejj1dldB�e!�ddmdn���ZCe%ejj1dldB�e!�ddodp���ZDe%ejj1dldVd9�e!�ddqdr���ZEe%ejj1dsdI�e!�ddtdu���ZFe%ejjGdvdI�e!�ddwdx���ZHe%ejjGdYdI�e!�ddydz���ZIe%ejjGd=d{d9�e!�dd|d}���ZJe%ejjGd=eKj3d{d9�e!�dd~d���ZLej+j,ejjGd=dF�e!d�d����ZMe%ejjGdvdI�e!�dd�d����ZNe%ejjGdYdI�e!�d	d�d����ZOe%ejjGd=d{d9�e!�d
d�d����ZPe%ejjGd=eQj3d{d9�e!�dd�d����ZRej+j,ejjGd=dF�e!d�d����ZSe%ejjGdvdI�e!�dd�d����ZTe%ejjGdYdI�e!�d
d�d����ZUe%ejjGd=d{d9�e!�dd�d����ZVe%ejjGd�d{d9�e!�dd�d����ZWe%ejjGd�d{d9�e!�dd�d����ZXej+j,ejjGd=dF�e!d�d����ZYe%ejjGdvdI�e!�dd�d����ZZe%ejjGdYdI�e!�dd�d����Z[e%ejjGd=d{d9�e!�dd�d����Z\e%ejjGd=d=d9�e!�dd�d����Z]e%ejjGd=d=d9�e!�dd�d����Z^e%ejjGd�d{d9�e!�dd�d����Z_e%ejjGd�d{d9�e!�dd�d����Z`ej+j,ejjGd=dF�e!d�d����Zae%ejjGdvdI�e!�dd�d����Zbe%ejjGdYdI�e!�dd�d����Zce%ejjGd=d{d9�e!�dd�d����Zde%ejjGd�d{d9�e!�dd�d����Zeej+j,ejjGd=dF�e!d�d����Zfe%ejjGdvdI�e!�dd�d����Zge%ejjGdYdI�e!�dd�d����Zhe%ejjGd=d{d9�e!�dd�d����Zie%ejjGd=ejj3d{d9�e!�dd�d����Zkej+j,ejjGd=dF�e!d�d����Zlemejjn�e%ejjneoj3dI�e!�d d�d�����Zpemejjn�e%ejjneoj3dB�e!�d!d�d„���Zqerejjn�ej+�,ejjn�e!d�dĄ���Zsemejjn�e%ejjnd�dB�e!�d"d�dDŽ���Ztemejjn�e%ejjnd�dB�e!�d#d�dɄ���Zuemejjn�e%ejjnd�dVd9�e!�d$d�d˄���Zvemejjn�e%ejjnd7dYd9�e!�d%d�d̈́���Zwemejjn�e%ejjnd�d�d9�e!�d&d�dф���Zxemejjn�e%ejjnd�dB�e!�d'd�dԄ���Zyemejjn�e%ejjnd�dB�e!�d(d�dք���Zzemejjn�e%ejjnd�dVd9�e!�d)d�d؄���Z{emejjn�e%ejjnd�dB�e!�d*d�dڄ���Z|emejjn�e%ejjnd�d�d9�e!�d+d�d݄���Z}emejjn�e%ejjnd�d�d9�e!�d,d�d����Z~emejjn�e%ejjnd�dB�e!�d-d�d����Zemejjn�e%ejjnd�dB�e!�d.d�d����Z�emejjn�e%ejjnd�dVd9�e!�d/d�d����Z�emejjn�e%ejjnd=d�d9�e!�d0d�d����Z�emejjn�e%ejjnd�dI�e!�d1d�d����Z��Z�S(2�FirewallDConfigzFirewallD main classTcs�tt|�j|i|��||_|d|_|d|_|��t|jd�|_	|j	�
tj�|j	�
tj�|j	�
tj
�|j	�
tj�|j	�
tj�|j	�
tj�|j	�
tj�|j	�
tj�|j	�
tj�|j	�
tj�|j	�
tj�|j	�
tj�tj�tj��r>tt�tj��D].}dtj|f}tj�|��r|j	�
|��q|j	�tj�|j	�tj�|j	�tj�t |tj!j"ddddddddddddddd��dS)Nr��z%s/%sZ	readwrite)�
CleanupOnExit�CleanupModulesOnExit�
IPv6_rpfilter�IPv6_rpfilter2�Lockdown�MinimalMark�IndividualCalls�	LogDenied�AutomaticHelpers�FirewallBackend�FlushAllOnReload�RFC3964_IPv4�AllowZoneDrifting�NftablesTableOwner)#�superr"�__init__r�busname�path�
_init_varsr�
watch_updater�watcher�
add_watch_dir�FIREWALLD_IPSETS�ETC_FIREWALLD_IPSETS�FIREWALLD_ICMPTYPES�ETC_FIREWALLD_ICMPTYPES�FIREWALLD_HELPERS�ETC_FIREWALLD_HELPERS�FIREWALLD_SERVICES�ETC_FIREWALLD_SERVICES�FIREWALLD_ZONES�ETC_FIREWALLD_ZONES�FIREWALLD_POLICIES�ETC_FIREWALLD_POLICIES�os�exists�sorted�listdir�isdirZadd_watch_file�LOCKDOWN_WHITELIST�FIREWALLD_DIRECT�FIREWALLD_CONFr�dbus�DBUS_INTERFACE_CONFIG)�selfZconf�args�kwargs�filenamer6��	__class__��:/usr/lib/python3.9/site-packages/firewall/server/config.pyr4DsV


��zFirewallDConfig.__init__cCsg|_d|_g|_d|_g|_d|_g|_d|_g|_d|_	g|_
d|_|j�
�D]}|�|j�|��qR|j��D]}|�|j�|��qt|j��D]}|�|j�|��q�|j��D]}|�|j�|��q�|j��D]}|�|j�|��q�|j��D]}|�|j�|��q�dS�Nr)�ipsets�	ipset_idx�	icmptypes�icmptype_idx�services�service_idx�zones�zone_idx�helpers�
helper_idx�policy_objects�policy_object_idxrZ
get_ipsets�	_addIPSetZ	get_ipsetZ
get_icmptypes�_addIcmpTypeZget_icmptypeZget_services�_addServiceZget_serviceZ	get_zones�_addZoneZget_zoneZget_helpers�
_addHelperZ
get_helperZget_policy_objects�
_addPolicyZget_policy_object)rQ�ipset�icmptype�service�zone�helper�policyrWrWrXr7us0zFirewallDConfig._init_varscCsdS�NrW�rQrWrWrX�__del__�szFirewallDConfig.__del__cCs�t|j�dkr$|j��}|��~qt|j�dkrH|j��}|��~q$t|j�dkrl|j��}|��~qHt|j�dkr�|j��}|��~qlt|j�dkr�|j��}|��~q�t|j�dkr�|j��}|��~q�|�	�dSrY)
�lenrZ�pop�
unregisterr\r^r`rbrdr7)rQ�itemrWrWrX�reload�s2





zFirewallDConfig.reloadc	
Cs~|tjkr�|�tjj�}t�dtj�z|j��Wn8tyl}z t�	d||f�WYd}~dSd}~00|�tjj��
�}t|���D]"}||vr�||||kr�||=q�t
|�dkr�|�tjj|g�dS|�tj�s�|�tj��r�|�d��r�z|j�|�\}}Wn:t�yF}z t�	d||f�WYd}~dSd}~00|dk�r^|�|�n*|dk�rt|�|�n|dk�rz|�|��n�|�tj��s�|�tj��rH|�d��rHz|j�|�\}}Wn:t�y}z t�	d	||f�WYd}~dSd}~00|dk�r|�|�n*|dk�r0|�|�n|dk�rz|�|��n2|�tj��sd|�tj��r�|�d��rz|j�|�\}}Wn:t�y�}z t�	d
||f�WYd}~dSd}~00|dk�r�|� |�n*|dk�r�|�!|�n|dk�r�|�"|�n�|�tj��rz|�#tjd��$d�}t
|�d
k�s<d|v�r@dSt%j&�'|��rj|j(�)|��s�|j(�*|�n|j(�)|��rz|j(�+|��n�|�tj,��s�|�tj-��rD|�d��rDz|j�.|�\}}Wn:t�y�}z t�	d||f�WYd}~dSd}~00|dk�r|�/|�n*|dk�r,|�0|�n|dk�rz|�1|��n6|�tj2��s`|�tj3��r|�d��rz|j�4|�\}}Wn:t�y�}z t�	d||f�WYd}~dSd}~00|dk�r�|�5|�n*|dk�r�|�6|�n|dk�rz|�7|��nz|tj8k�rbz|j�9�Wn:t�yT}z t�	d||f�WYd}~dSd}~00|�:��n|tj;k�r�z|j�<�Wn:t�y�}z t�	d||f�WYd}~dSd}~00|�=�n�|�tj>��s�|�tj?��rz|�d��rzz|j�@|�\}}Wn:t�y8}z t�	d||f�WYd}~dSd}~00|dk�rP|�A|�n*|dk�rf|�B|�n|dk�rz|�C|�dS)Nz,config: Reloading firewalld config file '%s'z+Failed to load firewalld.conf file '%s': %srz.xmlz%Failed to load icmptype file '%s': %s�new�remove�updatez$Failed to load service file '%s': %sz!Failed to load zone file '%s': %s��/r#z"Failed to load ipset file '%s': %sz#Failed to load helper file '%s': %sz/Failed to load lockdown whitelist file '%s': %sz)Failed to load direct rules file '%s': %sz#Failed to load policy file '%s': %s)DrrN�GetAllrOrPr�debug1Zupdate_firewalld_conf�	Exception�error�copy�list�keysru�PropertiesChanged�
startswithr=r>�endswithZupdate_icmptype_from_pathrg�removeIcmpType�_updateIcmpTyperArBZupdate_service_from_pathrh�
removeService�_updateServicerCrDZupdate_zone_from_pathri�
removeZone�_updateZone�replace�striprGr6rKr9Z	has_watchr:Zremove_watchr;r<Zupdate_ipset_from_pathrf�removeIPSet�_updateIPSetr?r@Zupdate_helper_from_pathrj�removeHelper�
_updateHelperrLZupdate_lockdown_whitelist�LockdownWhitelistUpdatedrMZ
update_direct�UpdatedrErFZupdate_policy_object_from_pathrk�removePolicy�
_updatePolicy)	rQ�nameZ	old_props�msgZprops�keyZwhat�obj�_namerWrWrXr8�s&
��
�
��



��



�



���



���


��

��


zFirewallDConfig.watch_updaterc	CsPt||j||j|jdtjj|jf�}|j�|�|jd7_|�|j	�|S�Nz%s/%dr#)
r
rr]r5rOZDBUS_PATH_CONFIG_ICMPTYPEr\�append�
IcmpTypeAddedr�)rQr��config_icmptyperWrWrXrgBs��zFirewallDConfig._addIcmpTypecCsL|jD]@}|jj|jkr|jj|jkr|jj|jkr||_|�|j�qdSrr)r\r�r�r6rTr�)rQr�rmrWrWrXr�Ns
��zFirewallDConfig._updateIcmpTypecCs�d}|jD]J}|��}|j||vr
||�|j�|j�|j|�|_|�|jj�q
|jD]R}|��}d|vr\|j|dvr\|d�|j�|j�	|j|�|_|�|jj�q\|j
D]0}|j|kr�|�|j�|��|j
�|�~q�dS)N�Zicmp_blocks)
r`�getSettingsr�r{r�set_zone_configr�r�rd�set_policy_object_config_dictr\�Removedrw)rQr��indexro�settingsrqrmrWrWrXr�Ws&



zFirewallDConfig.removeIcmpTypec	CsPt||j||j|jdtjj|jf�}|j�|�|jd7_|�|j	�|Sr�)
rrr_r5rOZDBUS_PATH_CONFIG_SERVICEr^r��ServiceAddedr�)rQr��config_servicerWrWrXrhqs�zFirewallDConfig._addServicecCsL|jD]@}|jj|jkr|jj|jkr|jj|jkr||_|�|j�qdSrr)r^r�r�r6rTr�)rQr�rnrWrWrXr�|s
��zFirewallDConfig._updateServicecCs�d}|jD]J}|��}|j||vr
||�|j�|j�|j|�|_|�|jj�q
|jD]R}|��}d|vr\|j|dvr\|d�|j�|j�	|j|�|_|�|jj�q\|j
D]0}|j|kr�|�|j�|��|j
�|�~q�dS)Nr$r^)
r`r�r�r{rr�r�r�rdr�r^r�rw)rQr�r�ror�rqrnrWrWrXr��s&



zFirewallDConfig.removeServicec	CsPt||j||j|jdtjj|jf�}|j�|�|jd7_|�|j	�|Sr�)
rrrar5rOZDBUS_PATH_CONFIG_ZONEr`r��	ZoneAddedr�)rQr��config_zonerWrWrXri�s�zFirewallDConfig._addZonecCsL|jD]@}|jj|jkr|jj|jkr|jj|jkr||_|�|j�qdSrr)r`r�r�r6rTr��rQr�rorWrWrXr��s
�zFirewallDConfig._updateZonecCs<|jD]0}|j|kr|�|j�|��|j�|�~qdSrr)r`r�r�r�rwr{r�rWrWrXr��s

zFirewallDConfig.removeZonec	CsPt||j||j|jdtjj|jf�}|j�|�|jd7_|�|j	�|Sr�)
rrrer5rOZDBUS_PATH_CONFIG_POLICYrdr��PolicyAddedr�)rQr��
config_policyrWrWrXrk�s�zFirewallDConfig._addPolicycCsL|jD]@}|jj|jkr|jj|jkr|jj|jkr||_|�|j�qdSrr)rdr�r�r6rTr��rQr�rqrWrWrXr��s
�zFirewallDConfig._updatePolicycCs<|jD]0}|j|kr|�|j�|��|j�|�~qdSrr)rdr�r�r�rwr{r�rWrWrXr��s

zFirewallDConfig.removePolicyc	CsPt||j||j|jdtjj|jf�}|j�|�|jd7_|�|j	�|Sr�)
rrr[r5rOZDBUS_PATH_CONFIG_IPSETrZr��
IPSetAddedr�)rQr��config_ipsetrWrWrXrf�s�zFirewallDConfig._addIPSetcCsL|jD]@}|jj|jkr|jj|jkr|jj|jkr||_|�|j�qdSrr)rZr�r�r6rTr��rQr�rlrWrWrXr��s
�zFirewallDConfig._updateIPSetcCs<|jD]0}|j|kr|�|j�|��|j�|�~qdSrr)rZr�r�r�rwr{r�rWrWrXr��s

zFirewallDConfig.removeIPSetc	CsPt||j||j|jdtjj|jf�}|j�|�|jd7_|�|j	�|Sr�)
rrrcr5rOZDBUS_PATH_CONFIG_HELPERrbr��HelperAddedr�)rQr��
config_helperrWrWrXrj�s�zFirewallDConfig._addHelpercCsL|jD]@}|jj|jkr|jj|jkr|jj|jkr||_|�|j�qdSrr)rbr�r�r6rTr��rQr�rprWrWrXr�s
�zFirewallDConfig._updateHelpercCs<|jD]0}|j|kr|�|j�|��|j�|�~qdSrr)rbr�r�r�rwr{r�rWrWrXr�s

zFirewallDConfig.removeHelpercCs�|jjjdkrttjd��|j��r�|dur:t�d�dSt	�
�}t||�}|j�d|�r^dSt
||�}|j�d|�rzdSt|�}|j�d|�r�dSt||�}|j�d|�r�dSttjd��dS)	NZFAILEDz�Changing permanent configuration is not allowed while firewalld is in FAILED state. The permanent configuration must be fixed and then firewalld restarted. Try `firewall-offline-cmd --check-config`.z&Lockdown not possible, sender not set.�context�uid�user�commandzlockdown is enabled)rZ_fw�_stater!r ZRUNNING_BUT_FAILEDZlockdown_enabledrr�rOZ	SystemBusrZaccess_checkrrrZ
ACCESS_DENIED)rQ�senderZbusr�r�r�r�rWrWrX�accessChecks,�




zFirewallDConfig.accessCheckcCs�|dvrtj�d|��|j���|�}|dkrH|dur>tj}t�|�S|dkrr|dur`tj}nt	|�}t�
|�S|dkr�|dur�tjr�dnd}t�|�S|dkr�|dur�tjr�dnd}t�|�S|d	kr�|dur�tj
r�dnd}t�|�S|d
k�r |du�s|dk�rt�d�St�d�S�nv|dk�rD|du�r:tj}t�|�S|dk�rr|du�rhtj�rddnd}t�|�S|d
k�r�|du�r�tj}t�|�S|dk�r�|du�r�tj}t�|�S|dk�r�|du�r�tj}t�|�S|dk�r|du�rtj�r�dnd}t�|�S|dk�r:|du�r0tj�r,dnd}t�|�S|dk�rh|du�r^tj�rZdnd}t�|�S|dk�r�|du�r�tj�r�dnd}t�|�SdS)N��DefaultZoner*r%r&r)r'r+r,r-r.r/r0r1r(r2�Dorg.freedesktop.DBus.Error.InvalidArgs: Property '%s' does not existr�r*r%�yes�nor&r)r'r(r+r,r-r.r/r0r1r2)rO�
exceptions�
DBusExceptionr�get_firewalld_conf�getZ
FALLBACK_ZONE�StringZFALLBACK_MINIMAL_MARK�int�Int32ZFALLBACK_CLEANUP_ON_EXITZ FALLBACK_CLEANUP_MODULES_ON_EXITZFALLBACK_LOCKDOWNZFALLBACK_IPV6_RPFILTERZFALLBACK_INDIVIDUAL_CALLSZFALLBACK_LOG_DENIEDZFALLBACK_AUTOMATIC_HELPERSZFALLBACK_FIREWALL_BACKENDZFALLBACK_FLUSH_ALL_ON_RELOADZFALLBACK_RFC3964_IPV4ZFALLBACK_ALLOW_ZONE_DRIFTINGZFALLBACK_NFTABLES_TABLE_OWNER)rQ�prop�valuerWrWrX�
_get_property3s���
































zFirewallDConfig._get_propertycCs�|dkrt�|�|��S|dkr0t�|�|��S|dkrHt�|�|��S|dkr`t�|�|��S|dkrxt�|�|��S|dkr�t�|�|��S|dkr�t�|�|��S|dkr�t�|�|��S|d	kr�t�|�|��S|d
k�r�t�|�|��S|dk�rt�|�|��S|dk�r&t�|�|��S|d
k�r@t�|�|��S|dk�rZt�|�|��S|dk�rtt�|�|��Stj�d|��dS)Nr�r*r%r&r)r'r(r+r,r-r.r/r0r1r2r�)rOr�r�r�r�r�)rQr�rWrWrX�_get_dbus_property�sF





��z"FirewallDConfig._get_dbus_property�ss�v)�in_signature�
out_signatureNcCsrt|t�}t|t�}t�d||�|tjjkr8|�|�S|tjjtjj	fvr^tj
�d|��ntj
�d|��dS)Nzconfig.Get('%s', '%s')r��Jorg.freedesktop.DBus.Error.UnknownInterface: Interface '%s' does not exist)r�strrr�rrOrPr��DBUS_INTERFACE_CONFIG_DIRECT�DBUS_INTERFACE_CONFIG_POLICIESr�r�)rQ�interface_name�
property_namer�rWrWrX�Get�s$


�����zFirewallDConfig.Get�sza{sv}cCstt|t�}t�d|�i}|tjjkr@dD]}|�|�||<q*n&|tjjtjj	fvrVntj
�d|��tj|dd�S)Nzconfig.GetAll('%s')r�r��sv�Z	signature)
rr�rr�rrOrPr�r�r�r�r�Z
Dictionary)rQr�r��ret�xrWrWrXr�s 
���zFirewallDConfig.GetAllZssv)r�cCs�t|t�}t|t�}t|�}t�d|||�|�|�|tjjk�rR|dv�r4|dvrx|��dvrvt	t
jd||f��n�|dkr�|tjvr�t	t
jd||f��n`|dkr�|tj
vr�t	t
jd||f��n8|dkr�|tjvr�t	t
jd||f��ntj�d	|��|j���||�|j����|�|||ig�n|d
v�r@ntj�d	|��n8|tjjtjjfv�rztj�d	|��ntj�d|��dS)Nzconfig.Set('%s', '%s', '%s'))r%r&r)r'r+r,r.r/r0r(r2)r%r&r)r'r+r/r0r2)r�r��trueZfalsez'%s' for %sr,r.r(r�)r*r-r1r�)rr�rr�r�rrOrP�lowerr!r Z
INVALID_VALUEZLOG_DENIED_VALUESZFIREWALL_BACKEND_VALUESZIPV6_RPFILTER_VALUESr�r�r��set�writer�r�r�)rQr�r�Z	new_valuer�rWrWrX�Set�s�

�

��
��
��

����
�������zFirewallDConfig.Setzsa{sv}asr�cCs.t|t�}t|�}t|�}t�d|||�dS)Nz*config.PropertiesChanged('%s', '%s', '%s')�rr�rr�)rQr�Zchanged_propertiesZinvalidated_propertiesrWrWrXr�s
�z!FirewallDConfig.PropertiesChanged)r�cs`t�d�tt|��|j|j���}t||t	j
j�}t	j
jfD]}t
|||t�jt�j�}q>|S)Nzconfig.Introspect())rZdebug2r3r"�
Introspectr6r5Zget_busrrrOrPr�rr
Z
deprecatedr)rQr��dataZ	interfacerUrWrXr�"s
�
��zFirewallDConfig.IntrospectcCst�d�|j��j��S)Nz&config.policies.getLockdownWhitelist())rr�r�get_policies�lockdown_whitelist�
export_config�rQr�rWrWrX�getLockdownWhitelist9s
z$FirewallDConfig.getLockdownWhitelistcCsBt�d�t|�}|j��j�|i�|j��j��|��dS)Nz)config.policies.setLockdownWhitelist(...))	rr�rrr�r��
import_configr�r��rQr�r�rWrWrX�setLockdownWhitelist@s

z$FirewallDConfig.setLockdownWhitelistcCst�d�dS)Nz*config.policies.LockdownWhitelistUpdated()�rr�rsrWrWrXr�Jsz(FirewallDConfig.LockdownWhitelistUpdatedcCs^t|�}t�d|�|�|�t|���}||dvrBttj|��|d�	|�|�
|�dS)Nz1config.policies.addLockdownWhitelistCommand('%s')r�rrr�r�r�r�r!r �ALREADY_ENABLEDr�r��rQr�r�r�rWrWrX�addLockdownWhitelistCommandQs
z+FirewallDConfig.addLockdownWhitelistCommandcCs^t|�}t�d|�|�|�t|���}||dvrBttj|��|d�	|�|�
|�dS)Nz4config.policies.removeLockdownWhitelistCommand('%s')r�rrr�r�r�r�r!r �NOT_ENABLEDr{r�r�rWrWrX�removeLockdownWhitelistCommand^s�
z.FirewallDConfig.removeLockdownWhitelistCommand�bcCs$t|�}t�d|�||��dvS)Nz3config.policies.queryLockdownWhitelistCommand('%s')r�rrr�r�)rQr�r�rWrWrX�queryLockdownWhitelistCommandls
�z-FirewallDConfig.queryLockdownWhitelistCommand�ascCst�d�|��dS)Nz.config.policies.getLockdownWhitelistCommands()r�rr�r�r�rWrWrX�getLockdownWhitelistCommandsus
z,FirewallDConfig.getLockdownWhitelistCommandscCs^t|�}t�d|�|�|�t|���}||dvrBttj|��|d�	|�|�
|�dS)Nz1config.policies.addLockdownWhitelistContext('%s')r#r��rQr�r�r�rWrWrX�addLockdownWhitelistContext~s
z+FirewallDConfig.addLockdownWhitelistContextcCs^t|�}t�d|�|�|�t|���}||dvrBttj|��|d�	|�|�
|�dS)Nz4config.policies.removeLockdownWhitelistContext('%s')r#r�r�rWrWrX�removeLockdownWhitelistContext�s�
z.FirewallDConfig.removeLockdownWhitelistContextcCs$t|�}t�d|�||��dvS)Nz3config.policies.queryLockdownWhitelistContext('%s')r#r�)rQr�r�rWrWrX�queryLockdownWhitelistContext�s
�z-FirewallDConfig.queryLockdownWhitelistContextcCst�d�|��dS)Nz.config.policies.getLockdownWhitelistContexts()r#r�r�rWrWrX�getLockdownWhitelistContexts�s
z,FirewallDConfig.getLockdownWhitelistContextscCs^t|�}t�d|�|�|�t|���}||dvrBttj|��|d�	|�|�
|�dS)Nz.config.policies.addLockdownWhitelistUser('%s')�r��rQr�r�r�rWrWrX�addLockdownWhitelistUser�s
z(FirewallDConfig.addLockdownWhitelistUsercCs^t|�}t�d|�|�|�t|���}||dvrBttj|��|d�	|�|�
|�dS)Nz1config.policies.removeLockdownWhitelistUser('%s')rr�rrWrWrX�removeLockdownWhitelistUser�s
z+FirewallDConfig.removeLockdownWhitelistUsercCs$t|�}t�d|�||��dvS)Nz0config.policies.queryLockdownWhitelistUser('%s')rr�)rQr�r�rWrWrX�queryLockdownWhitelistUser�sz*FirewallDConfig.queryLockdownWhitelistUsercCst�d�|��dS)Nz+config.policies.getLockdownWhitelistUsers()rr�r�rWrWrX�getLockdownWhitelistUsers�s
z)FirewallDConfig.getLockdownWhitelistUsers�icCs^t|�}t�d|�|�|�t|���}||dvrBttj|��|d�	|�|�
|�dS)Nz+config.policies.addLockdownWhitelistUid(%d)�r��rQr�r�r�rWrWrX�addLockdownWhitelistUid�s
z'FirewallDConfig.addLockdownWhitelistUidcCs^t|�}t�d|�|�|�t|���}||dvrBttj|��|d�	|�|�
|�dS)Nz.config.policies.removeLockdownWhitelistUid(%d)rr�r	rWrWrX�removeLockdownWhitelistUid�s
z*FirewallDConfig.removeLockdownWhitelistUidcCs$t|�}t�d|�||��dvS)Nz-config.policies.queryLockdownWhitelistUid(%d)rr�)rQr�r�rWrWrX�queryLockdownWhitelistUid�sz)FirewallDConfig.queryLockdownWhitelistUidZaicCst�d�|��dS)Nz*config.policies.getLockdownWhitelistUids()rr�r�rWrWrX�getLockdownWhitelistUids�s
z(FirewallDConfig.getLockdownWhitelistUidsZaocCst�d�|jS)z"list ipsets objects paths
        zconfig.listIPSets())rr�rZr�rWrWrX�
listIPSetss
zFirewallDConfig.listIPSetscCs0t�d�g}|jD]}|�|jj�qt|�S)zget ipset names
        zconfig.getIPSetNames())rr�rZr�r�r�rI)rQr�rZr�rWrWrX�
getIPSetNamess


zFirewallDConfig.getIPSetNames�ocCsFt|t�}t�d|�|jD]}|jj|kr|Sqttj	|��dS)z-object path of ipset with given name
        zconfig.getIPSetByName('%s')N)
rr�rr�rZr�r�r!r Z
INVALID_IPSET)rQrlr�r�rWrWrX�getIPSetByNames


zFirewallDConfig.getIPSetByNamecCsDt|t�}t|�}t�d|�|�|�|j�||�}|�|�}|S)z/add ipset with given name and settings
        zconfig.addIPSet('%s'))rr�rr�r�rZ	new_ipsetrf)rQrlr�r�r�r�rWrWrX�addIPSet#s


zFirewallDConfig.addIPSetcCst|t�}t�d|�dS)Nzconfig.IPSetAdded('%s')r�)rQrlrWrWrXr�2s
zFirewallDConfig.IPSetAddedcCst�d�|jS)z%list icmptypes objects paths
        zconfig.listIcmpTypes())rr�r\r�rWrWrX�
listIcmpTypes:s
zFirewallDConfig.listIcmpTypescCs0t�d�g}|jD]}|�|jj�qt|�S)zget icmptype names
        zconfig.getIcmpTypeNames())rr�r\r�r�r�rI)rQr�r\r�rWrWrX�getIcmpTypeNamesBs


z FirewallDConfig.getIcmpTypeNamescCsFt|t�}t�d|�|jD]}|jj|kr|Sqttj	|��dS)z0object path of icmptype with given name
        zconfig.getIcmpTypeByName('%s')N)
rr�rr�r\r�r�r!r ZINVALID_ICMPTYPE)rQrmr�r�rWrWrX�getIcmpTypeByNameMs


z!FirewallDConfig.getIcmpTypeByNamecCsDt|t�}t|�}t�d|�|�|�|j�||�}|�|�}|S)z2add icmptype with given name and settings
        zconfig.addIcmpType('%s'))rr�rr�r�rZnew_icmptyperg)rQrmr�r�r�r�rWrWrX�addIcmpTypeZs


zFirewallDConfig.addIcmpTypecCst�d|�dS)Nzconfig.IcmpTypeAdded('%s')r�)rQrmrWrWrXr�iszFirewallDConfig.IcmpTypeAddedcCst�d�|jS)z$list services objects paths
        zconfig.listServices())rr�r^r�rWrWrX�listServicesps
zFirewallDConfig.listServicescCs0t�d�g}|jD]}|�|jj�qt|�S)zget service names
        zconfig.getServiceNames())rr�r^r�r�r�rI)rQr�r^r�rWrWrX�getServiceNamesxs


zFirewallDConfig.getServiceNamescCsFt|t�}t�d|�|jD]}|jj|kr|Sqttj	|��dS)z/object path of service with given name
        zconfig.getServiceByName('%s')N)
rr�rr�r^r�r�r!r ZINVALID_SERVICE)rQrnr�r�rWrWrX�getServiceByName�s


z FirewallDConfig.getServiceByNamezs(sssa(ss)asa{ss}asa(ss))cCsDt|t�}t|�}t�d|�|�|�|j�||�}|�|�}|S)�1add service with given name and settings
        zconfig.addService('%s'))rr�rr�r�rZnew_servicerh�rQrnr�r�r�r�rWrWrX�
addService�s


zFirewallDConfig.addServicezsa{sv}cCsDt|t�}t|�}t�d|�|�|�|j�||�}|�|�}|S)rzconfig.addService2('%s'))rr�rr�r�rZnew_service_dictrhrrWrWrX�addService2�s


zFirewallDConfig.addService2cCst�d|�dS)Nzconfig.ServiceAdded('%s')r�)rQrnrWrWrXr��szFirewallDConfig.ServiceAddedcCst�d�|jS)z!list zones objects paths
        zconfig.listZones())rr�r`r�rWrWrX�	listZones�s
zFirewallDConfig.listZonescCs0t�d�g}|jD]}|�|jj�qt|�S)zget zone names
        zconfig.getZoneNames())rr�r`r�r�r�rI)rQr�r`r�rWrWrX�getZoneNames�s


zFirewallDConfig.getZoneNamescCsFt|t�}t�d|�|jD]}|jj|kr|Sqttj	|��dS)z,object path of zone with given name
        zconfig.getZoneByName('%s')N)
rr�rr�r`r�r�r!r ZINVALID_ZONE)rQror�r�rWrWrX�
getZoneByName�s


zFirewallDConfig.getZoneByNamecCsvt|t�}t�d|�g}|jD]}||jjvr |�|jj�q t	|�dkrfd�
|�d|t	|�fS|rr|dSdS)z4name of zone the given interface belongs to
        zconfig.getZoneOfInterface('%s')r#� zE  (ERROR: interface '%s' is in %s zone XML files, can be only in one)rr})rr�rr�r`r�Z
interfacesr�r�ru�join)rQZifacer�r�r�rWrWrX�getZoneOfInterface�s


��z"FirewallDConfig.getZoneOfInterfacecCsvt|t�}t�d|�g}|jD]}||jjvr |�|jj�q t	|�dkrfd�
|�d|t	|�fS|rr|dSdS)z1name of zone the given source belongs to
        zconfig.getZoneOfSource('%s')r#r!zB  (ERROR: source '%s' is in %s zone XML files, can be only in one)rr})rr�rr�r`r�Zsourcesr�r�rur")rQ�sourcer�r�r�rWrWrX�getZoneOfSource�s


��zFirewallDConfig.getZoneOfSourcez's(sssbsasa(ss)asba(ssss)asasasasa(ss)b)cCsht|t�}t|�}t�d|�|�|�|ddkrLt|�}t|d<t|�}|j�	||�}|�
|�}|S)�.add zone with given name and settings
        �config.addZone('%s')��default)rr�rr�r�r�r�tuplerZnew_zoneri)rQror�r�Z	_settingsr�r�rWrWrX�addZone�s


zFirewallDConfig.addZonecCs`t|t�}t|�}t�d|�|�|�d|vrD|ddkrDt|d<|j�||�}|�|�}|S)r&r'�targetr))	rr�rr�r�rrZ
new_zone_dictri)rQror�r�r�r�rWrWrX�addZone2s


zFirewallDConfig.addZone2cCst�d|�dS)Nzconfig.ZoneAdded('%s')r�)rQrorWrWrXr�"szFirewallDConfig.ZoneAddedcCst�d�|jS)z$list policies objects paths
        zconfig.listPolicies())rr�rdr�rWrWrX�listPolicies)s
zFirewallDConfig.listPoliciescCs0t�d�g}|jD]}|�|jj�qt|�S)zget policy names
        zconfig.getPolicyNames())rr�rdr�r�r�rI)rQr�Zpoliciesr�rWrWrX�getPolicyNames1s


zFirewallDConfig.getPolicyNamescCsFt|t�}t�d|�|jD]}|jj|kr|Sqttj	|��dS)z.object path of policy with given name
        zconfig.getPolicyByName('%s')N)
rr�rr�rdr�r�r!r ZINVALID_POLICY)rQrqr�r�rWrWrX�getPolicyByName<s


zFirewallDConfig.getPolicyByNamecCsDt|t�}t|�}t�d|�|�|�|j�||�}|�|�}|S)z0add policy with given name and settings
        zconfig.addPolicy('%s'))rr�rr�r�rZnew_policy_object_dictrk)rQrqr�r�r�r�rWrWrX�	addPolicyIs


zFirewallDConfig.addPolicycCst�d|�dS)Nzconfig.PolicyAdded('%s')r�)rQrqrWrWrXr�XszFirewallDConfig.PolicyAddedcCst�d�|jS)z#list helpers objects paths
        zconfig.listHelpers())rr�rbr�rWrWrX�listHelpersas
zFirewallDConfig.listHelperscCs0t�d�g}|jD]}|�|jj�qt|�S)zget helper names
        zconfig.getHelperNames())rr�rbr�r�r�rI)rQr�rbr�rWrWrX�getHelperNamesis


zFirewallDConfig.getHelperNamescCsFt|t�}t�d|�|jD]}|jj|kr|Sqttj	|��dS)z.object path of helper with given name
        zconfig.getHelperByName('%s')N)
rr�rr�rbr�r�r!r ZINVALID_HELPER)rQrpr�r�rWrWrX�getHelperByNamets


zFirewallDConfig.getHelperByNamecCsDt|t�}t|�}t�d|�|�|�|j�||�}|�|�}|S)z0add helper with given name and settings
        zconfig.addHelper('%s'))rr�rr�r�rZ
new_helperrj)rQrpr�r�r�r�rWrWrX�	addHelper�s


zFirewallDConfig.addHelpercCst|t�}t�d|�dS)Nzconfig.HelperAdded('%s')r�)rQrprWrWrXr��s
zFirewallDConfig.HelperAddedcCst�d�|j����S)Nzconfig.direct.getSettings())rr�r�
get_directr�r�rWrWrXr��s
zFirewallDConfig.getSettingscCs>t�d�t|�}|j���|i�|j����|��dS)Nzconfig.direct.update())rr�rrr6r�r�r�r�rWrWrXr|�s

zFirewallDConfig.updatecCst�d�dS)Nzconfig.direct.Updated()r�rsrWrWrXr��szFirewallDConfig.UpdatedZssscCs�t|�}t|�}t|�}t�d|||f�|�|�t|||f�}t|���}||dvrrttj	d|||f��|d�
|�|�|�dS)Nz(config.direct.addChain('%s', '%s', '%s')rz chain '%s' already is in '%s:%s')rrr�r�r*r�r�r!r r�r�r|�rQ�ipv�table�chainr��idxr�rWrWrX�addChain�s"�
��zFirewallDConfig.addChaincCs�t|�}t|�}t|�}t�d|||f�|�|�t|||f�}t|���}||dvrrttj	d|||f��|d�
|�|�|�dS)Nz+config.direct.removeChain('%s', '%s', '%s')rzchain '%s' is not in '%s:%s')rrr�r�r*r�r�r!r r�r{r|r7rWrWrX�removeChain�s"�
��zFirewallDConfig.removeChaincCsJt|�}t|�}t|�}t�d|||f�t|||f�}||��dvS)Nz*config.direct.queryChain('%s', '%s', '%s')r)rrr�r*r�)rQr8r9r:r�r;rWrWrX�
queryChain�s�zFirewallDConfig.queryChaincCsbt|�}t|�}t�d||f�g}|��dD]*}|d|kr2|d|kr2|�|d�q2|S)Nz#config.direct.getChains('%s', '%s')rr#r�rrr�r�r�)rQr8r9r�r�r;rWrWrX�	getChains�szFirewallDConfig.getChainsr}za(sss)cCst�d�|��dS)Nzconfig.direct.getAllChains()r�rr�r�r�rWrWrX�getAllChains�s
zFirewallDConfig.getAllChainsZsssiasc	
Cs�t|�}t|�}t|�}t|�}t|�}t�d||||d�|�f�|�|�|||||f}t|���}||dvr�ttj	d||||f��|d�
|�|�t|��dS)Nz1config.direct.addRule('%s', '%s', '%s', %d, '%s')�','r#z"rule '%s' already is in '%s:%s:%s')
rrr�r"r�r�r�r!r r�r�r|r*�	rQr8r9r:�priorityrRr�r;r�rWrWrX�addRules&�

��zFirewallDConfig.addRulec	
Cs�t|�}t|�}t|�}t|�}t|�}t�d||||d�|�f�|�|�|||||f}t|���}||dvr�ttj	d||||f��|d�
|�|�t|��dS)Nz4config.direct.removeRule('%s', '%s', '%s', %d, '%s')rCr#zrule '%s' is not in '%s:%s:%s')
rrr�r"r�r�r�r!r r�r{r|r*rDrWrWrX�
removeRules&�

��zFirewallDConfig.removeRulec
Csdt|�}t|�}t|�}t|�}t|�}t�d||||d�|�f�|||||f}||��dvS)Nz3config.direct.queryRule('%s', '%s', '%s', %d, '%s')rCr#�rrr�r"r�)rQr8r9r:rErRr�r;rWrWrX�	queryRule/s�zFirewallDConfig.queryRulecCs�t|�}t|�}t|�}t�d|||f�|�|�t|���}|ddd�D]2}|||f|d|d|dfkrR|d�|�qR|�t|��dS)Nz+config.direct.removeRules('%s', '%s', '%s')r#rr)	rrr�r�r�r�r{r|r*)rQr8r9r:r�r�ZrulerWrWrX�removeRules>s�
 zFirewallDConfig.removeRulesza(ias)cCs�t|�}t|�}t|�}t�d|||f�g}|��dD]>}|d|kr<|d|kr<|d|kr<|�|d|df�q<|S)Nz(config.direct.getRules('%s', '%s', '%s')r#rrrr(r?)rQr8r9r:r�r�r;rWrWrX�getRulesOs�$zFirewallDConfig.getRulesz	a(sssias)cCst�d�|��dS)Nzconfig.direct.getAllRules()r#rAr�rWrWrX�getAllRules_s
zFirewallDConfig.getAllRulesZsascCs�t|�}t|�}t�d|d�|�f�|�|�||f}t|���}||dvrfttj	d||f��|d�
|�|�|�dS)Nz(config.direct.addPassthrough('%s', '%s')rCr�passthrough '%s', '%s')rrr�r"r�r�r�r!r r�r�r|�rQr8rRr�r;r�rWrWrX�addPassthroughis�

�zFirewallDConfig.addPassthroughcCs�t|�}t|�}t�d|d�|�f�|�|�||f}t|���}||dvrfttj	d||f��|d�
|�|�|�dS)Nz+config.direct.removePassthrough('%s', '%s')rCrrM)rrr�r"r�r�r�r!r r�r{r|rNrWrWrX�removePassthrough|s�

�z!FirewallDConfig.removePassthroughcCs@t|�}t|�}t�d|d�|�f�||f}||��dvS)Nz*config.direct.queryPassthrough('%s', '%s')rCrrH)rQr8rRr�r;rWrWrX�queryPassthrough�s�z FirewallDConfig.queryPassthroughZaascCsJt|�}t�d|�g}|��dD]}|d|kr&|�|d�q&|S)Nz#config.direct.getPassthroughs('%s')rrr#r?)rQr8r�r�r;rWrWrX�getPassthroughs�szFirewallDConfig.getPassthroughsza(sas)cCst�d�|��dS)Nz"config.direct.getAllPassthroughs()rrAr�rWrWrX�getAllPassthroughs�s
z"FirewallDConfig.getAllPassthroughs)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)��__name__�
__module__�__qualname__�__doc__Z
persistentrrOZPK_ACTION_CONFIGZdefault_polkit_auth_requiredrr4r7rtryr8rgr�r�rhr�r�rir�r�rkr�r�rfr�r�rjr�r�rr�r�r�r	ZPROPERTIES_IFACEr�rrr�rn�signalr�ZPK_ACTION_INFOZINTROSPECTABLE_IFACEr�r�rZDBUS_SIGNATUREr�r�r�r�r�r�r�r�r�r�rrrrrr
rrr
rPrrrrrr�rrrrrr�rrrrrr�rrr r#r%r+r-r�r.r/r0r1r�r2r3r4rr5r�r
r�rr�r|rr�r<r=r>r@rBrFrGrIrJrKrLrOrPrQrRrS�
__classcell__rWrWrUrXr"<sN0






























L
$��
C

���
����
����
�
���
�
��	
�
�	
�
�	
�
��	
�

�
���
	
�
�	
�
�
�
�

�
�
�	
�

�
�
�
�
�
�
�
�
�
�
�	
�r")7rGrOZdbus.serviceZfirewallrZfirewall.core.baserZfirewall.core.watcherrZfirewall.core.loggerrZfirewall.server.dbusrZfirewall.server.decoratorsrrr	r
rrZfirewall.server.config_icmptyper
Zfirewall.server.config_servicerZfirewall.server.config_zonerZfirewall.server.config_policyrZfirewall.server.config_ipsetrZfirewall.server.config_helperrZfirewall.core.io.icmptyperZfirewall.core.io.ipsetrZfirewall.core.io.helperrZ#firewall.core.io.lockdown_whitelistrZfirewall.core.io.directrZfirewall.dbus_utilsrrrrrrrrr Zfirewall.errorsr!r"rWrWrWrX�<module>s. (

© 2025 Cubjrnet7