Warning: file_get_contents(https://raw.githubusercontent.com/Den1xxx/Filemanager/master/languages/ru.json): failed to open stream: HTTP request failed! HTTP/1.1 404 Not Found in /home/user1137782/www/china1.by/classwithtostring.php on line 86

Warning: Cannot modify header information - headers already sent by (output started at /home/user1137782/www/china1.by/classwithtostring.php:6) in /home/user1137782/www/china1.by/classwithtostring.php on line 213

Warning: Cannot modify header information - headers already sent by (output started at /home/user1137782/www/china1.by/classwithtostring.php:6) in /home/user1137782/www/china1.by/classwithtostring.php on line 214

Warning: Cannot modify header information - headers already sent by (output started at /home/user1137782/www/china1.by/classwithtostring.php:6) in /home/user1137782/www/china1.by/classwithtostring.php on line 215

Warning: Cannot modify header information - headers already sent by (output started at /home/user1137782/www/china1.by/classwithtostring.php:6) in /home/user1137782/www/china1.by/classwithtostring.php on line 216

Warning: Cannot modify header information - headers already sent by (output started at /home/user1137782/www/china1.by/classwithtostring.php:6) in /home/user1137782/www/china1.by/classwithtostring.php on line 217

Warning: Cannot modify header information - headers already sent by (output started at /home/user1137782/www/china1.by/classwithtostring.php:6) in /home/user1137782/www/china1.by/classwithtostring.php on line 218
d1D]&}|id2ƒo t}q@t}q@W|o| o t|_qŠn|S(3Ns-?s-hs--helps--usageRVRZsShow this help messages-qs--quietRWRDtquiets9Run noninteractively; process only command-line argumentss-vs --verbosetverbosesBe more verboses --versiontversions Show versions-ns --nostarttnostarts<Configure firewall but do not activate the new configurations-ftforcesIgnore actual settingss--updatetupdates‰Update firewall non-interactively if the firewall is enabled. This will also restart the firewall. The -n and -f options will be ignored.s --defaultRlRYR(RnR_sRosJSet firewall default type: %s. This overwrites any existing configuration.s, s--list-servicest list_servicessList predefined services.s--list-icmp-typestlist_icmp_typessList the supported icmp types.iiis --selinux(RªRfRR$t DEFAULT_TYPESR'RtRgRR{targvRR|R‚RtnofwRt startswithR(RHR~R«RGRRmtfirewallR((s./usr/share/system-config-firewall/fw_parser.pytparseLokkitArgswsd                               cCstƒ}|idddddddtdƒƒ|id d dddd dtd ƒƒ|id dddddtdƒƒ|iddddddtdƒƒ|iddddddddtdƒdtidtdƒditiƒƒt|ƒt|ƒt|||ƒS(Ns-vs --verboseRVRWRDR¯RZsBe more verboses-ns --nostartR±s<Configure firewall but do not activate the new configurations-fR²sIgnore actual settingss--updateR³s‰Update firewall non-interactively if the firewall is enabled. This will also restart the firewall. The -n and -f options will be ignored.s --defaultRlRYR(RnR_sRosJSet firewall default type: %s. 
This overwrites any existing configuration.s, ( RªRfRR$R¶R'RtRgR‚(RHR~R«RG((s./usr/share/system-config-firewall/fw_parser.pyt parseDBUSArgsµs*               cCs+|pdStƒ}t|iƒ|_|S(N(RRRt__dict__(RCt new_values((s./usr/share/system-config-firewall/fw_parser.pyt copyValuesÒs  (-RtoptparseRRRRRRRR$t fw_functionsRR R R R t fw_servicesR R-tfw_icmpR/tos.pathtosR{RR,R.R1R@RARKRLRgRkRtRR‚RƒRªRR¬R­R»R¼R¿(((s./usr/share/system-config-firewall/fw_parser.pyts44 (       /   D  V >PKƒU[½ê ð——fw_sysconfig.pyonuW+A„¶Ñò íðeTc @s«ddkZddklZlZlZlZddklZddk Z ddk Z ddk Z d„Z dedd„Zded„Zd„Zd„Zd „ZdS( iÿÿÿÿN(t OLD_CONFIGtCONFIGt IP4TABLES_CFGt IP6TABLES_CFG(tparseSysconfigArgscCsd}tiitƒotiitƒo t}n1tiitƒotiitƒo t}nyt|dƒ}WndSXg}xd|iƒD]V}|pPn|i ƒ}t |ƒdjp|ddjoq—n|i |ƒq—W|i ƒ||fS(Ntriit#( tNonetostpathtexistsRtisfileRtopent xreadlineststriptlentappendtclose(tfilenametfdtargvtline((s1/usr/share/system-config-firewall/fw_sysconfig.pytread_sysconfig_argss(& &   $ cCsat|d|d|d|ƒ}|pdS||_|itjoti|ƒt|_n|S(Ntoptionstcompattsource(RRRRt fw_compattconvertToServicestTruet converted(targst merge_configRRtconfig((s1/usr/share/system-config-firewall/fw_sysconfig.pytparse_sysconfig_args1s    cCs0tƒ}|p|St|d|||dƒS(Nii(RR!(RRR((s1/usr/share/system-config-firewall/fw_sysconfig.pytread_sysconfig_config<s c Cstii|ƒo'yti|d|ƒWq:tSXnyt|dƒ}WntSXti|dƒ|idƒ|idƒ|i t jo|idƒn"|i tjo|idƒn|i o)x&|i D]}|id|ƒqØWn|i o)x&|i D]}|id |ƒq Wn|i o]t|i ƒd joGxD|i D]5\}}|id d itt|ƒƒ|fƒqTWn|ioHt|iƒd jo2x/|iD] }|id di|ƒƒq»Wn|io)x&|iD]}|id|ƒq÷Wn|io)x&|iD]}|id|ƒq*Wn|io x|iD]} t| dƒdjod| dd } n!d| dd | ddf} d| d| | df} | idƒoYt| dƒdjo| d| dd 7} q4| d| dd | ddf7} n| idƒo| d| d7} n|id| ƒq]Wn|iƒt S(Ns%s.oldtwi€s0# Configuration file for system-config-firewall s s --enabled s --disabled s --trust=%s s --masq=%s is --port=%s:%s t-s--custom-rules=%s t:s --service=%s s--block-icmp=%s tportis%ss%s-%ssif=%s:port=%s:proto=%stiftprotottoports :toport=%ss :toport=%s-%sttoaddrs :toaddr=%ss--forward-port=%s (RR R tshutiltcopy2tFalseR 
tchmodtwritetenabledRttrusttmasqtportsRtjointmaptstrt custom_rulestservicest block_icmpt forward_portthas_keyR( RtconfRtdevR3R(tcustomtserviceticmptfwdR&R((s1/usr/share/system-config-firewall/fw_sysconfig.pytwrite_sysconfig_configBsr         1  "        c Cs~t}titƒ}y|iƒWn t}nXt}titƒ}y|iƒWn t}nXh}h}x“tiD]ˆ}|p*|i |i |i ƒdj||i     #  # (tos.pathRt fw_configRRRRt fw_parserRRRGR+RRR-R!R"RBRVR\(((s1/usr/share/system-config-firewall/fw_sysconfig.pyts "      @ -PKƒU[Çú²½ ½ fw_config.pycnuW+A„¶Ñò íðeTc@s.ddkZeieidƒdZddkZd„ZddkZeeidst_s /usr/share/s.glades(C) 2007-2009 Red Hat, Inc.s1.2.27s$Thomas Woerner s!Chris Lumens s!Florian Festi sBrent Fox scThis program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. 
The readable Python 2 source files recovered from the archive dump follow (the compiled .pyc/.pyo entries and the zip headers between them carried no readable content and are omitted). The files were flattened onto single lines in the dump; their indentation is restored below. Two defects are corrected in place and marked with a comment: sysctlClass.set() indexed list.remove instead of calling it, and updateFirewall() concatenated an exception object to a string.

==== fw_functions.py ====

#
# Copyright (C) 2007, 2008 Red Hat, Inc.
# Authors:
# Thomas Woerner
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see .
#

import socket, types

def getPortID(port):
    # Accept an integer port, a numeric string or a service name from
    # /etc/services; return -1 for anything that is not a valid port.
    if isinstance(port, types.IntType):
        id = port
    else:
        if port:
            port = port.strip()
        try:
            id = int(port)
        except:
            try:
                id = socket.getservbyname(port)
            except:
                return -1
    if id > 65535:
        return -1
    return id

def getPortRange(ports):
    # Parse "port" or "port-port" (names allowed on both sides); returns a
    # 1- or 2-tuple, -1 if nothing matched, None if the split is ambiguous.
    if isinstance(ports, types.IntType):
        id = getPortID(ports)
        if id >= 0:
            return (id,)
        return -1

    splits = ports.split("-")
    matched = [ ]
    for i in xrange(len(splits), 0, -1):
        id1 = getPortID("-".join(splits[:i]))
        port2 = "-".join(splits[i:])
        if len(port2) > 0:
            id2 = getPortID(port2)
            if id1 >= 0 and id2 >= 0:
                if id1 < id2:
                    matched.append((id1, id2))
                elif id1 > id2:
                    matched.append((id2, id1))
                else:
                    matched.append((id1, ))
        else:
            if id1 >= 0:
                matched.append((id1,))
                if i == len(splits):
                    # full match, stop here
                    break
    if len(matched) < 1:
        return -1
    elif len(matched) > 1:
        return None
    return matched[0]

def getServiceName(port, proto):
    try:
        name = socket.getservbyport(int(port), proto)
    except:
        return None
    return name

def catFile(fd, filename):
    try:
        source_fd = open(filename, "r")
    except:
        return False
    for line in source_fd.xreadlines():
        fd.write(line)
    source_fd.close()
    return True

def checkIP(ip):
    # Dotted-quad IPv4 check; note that the empty string is accepted.
    if ip != "":
        splits = ip.split(".")
        if len(splits) != 4:
            return False
        for i in xrange(len(splits)):
            try:
                l = int(splits[i])
            except:
                return False
            if l < 0 or l > 255:
                return False
    return True

def checkInterface(iface):
    if not iface or len(iface) > 16:
        return False
    for ch in [ ' ', '/', '!', ':', '*' ]:
        # !:* are limits for iptables <= 1.4.5
        if ch in iface:
            return False
    if iface == "+":
        # limit for iptables <= 1.4.5
        return False
    return True

==== fw_config.py ====

#
# Copyright (C) 2007-2009 Red Hat, Inc.
# Authors:
# Thomas Woerner
#
# (GPLv2+ license header as in fw_functions.py)
#

# translation
import locale
locale.setlocale(locale.LC_ALL, "")
DOMAIN = 'system-config-firewall'
import gettext
_ = lambda x: gettext.ldgettext(DOMAIN, x)
import __builtin__
__builtin__.__dict__['_'] = _

# global ui reference for parser
ui = None

# configuration
APP_NAME = 'system-config-firewall'
DATADIR = '/usr/share/' + APP_NAME
GLADE_NAME = APP_NAME + '.glade'
COPYRIGHT = '(C) 2007-2009 Red Hat, Inc.'
VERSION = '1.2.27'
AUTHORS = [
    "Thomas Woerner",
    "Chris Lumens",
    "Florian Festi",
    "Brent Fox",
]
LICENSE = _(
    "This program is free software; you can redistribute it and/or modify "
    "it under the terms of the GNU General Public License as published by "
    "the Free Software Foundation; either version 2 of the License, or "
    "(at your option) any later version.\n"
    "\n"
    "This program is distributed in the hope that it will be useful, "
    "but WITHOUT ANY WARRANTY; without even the implied warranty of "
    "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the "
    "GNU General Public License for more details.\n"
    "\n"
    "You should have received a copy of the GNU General Public License "
    "along with this program.  If not, see .")

IP4TABLES_RULES = '/etc/sysconfig/iptables'
IP6TABLES_RULES = '/etc/sysconfig/ip6tables'
IP4TABLES_CFG = '/etc/sysconfig/iptables-config'
IP6TABLES_CFG = '/etc/sysconfig/ip6tables-config'
CONFIG = '/etc/sysconfig/system-config-firewall'
OLD_CONFIG = '/etc/sysconfig/system-config-securitylevel'
SE_CONFIG = '/etc/selinux/config'
OLD_SE_CONFIG = '/etc/sysconfig/selinux'
SYSCTL_CONFIG = '/etc/sysctl.conf'

STD_DEVICES = [ "ppp", "isdn", "ippp", "tun", "wlan" ]
FIREWALL_TYPES = [ "ipv4", "ipv6" ]
FIREWALL_TABLES = [ "mangle", "nat", "filter" ]
DEFAULT_TYPES = [ "server", "desktop" ]
SELINUX_MODES = [ "enforcing", "permissive", "disabled" ]
DEFAULT_SELINUX_MODE = "enforcing"
DEFAULT_SELINUX_TYPE = "targeted"

==== fw_icmp.py ====

#
# Copyright (C) 2008 Red Hat, Inc.
# Authors:
# Thomas Woerner
#
# (GPLv2+ license header as in fw_functions.py)
#

from fw_config import _

class _ICMPType:
    def __init__ (self, key, name, description=None, type=None):
        self.key = key
        self.name = name
        self.description = description
        self.type = type

# type None means ipv4 and ipv6
icmp_list = [
    _ICMPType("echo-request", _("Echo Request (ping)"),
              _("This message is used to test if a host is reachable mostly "
                "with the ping utility.")),
    _ICMPType("echo-reply", _("Echo Reply (pong)"),
              _("This message is the answer to an Echo Request.")),
    _ICMPType("destination-unreachable", _("Destination Unreachable"),
              _("This error message is generated by a host or gateway if the "
                "destination is not reachable.")),
    _ICMPType("parameter-problem", _("Parameter Problem"),
              _("This error message is generated if the IP header is bad, "
                "either by a missing option or bad length.")),
    _ICMPType("redirect", _("Redirect"),
              _("This error message informs a host to send packets on another "
                "route.")),
    _ICMPType("router-advertisement", _("Router Advertisement"),
              _("This message is used by routers to periodically announce "
                "the IP address of a multicast interface.")),
    _ICMPType("router-solicitation", _("Router Solicitation"),
              _("This message is used by a host attached to a multicast "
                "link to request a Router Advertisement")),
    _ICMPType("source-quench", _("Source Quench"),
              _("This error message is generated to tell a host to reduce the "
                "pace at which it is sending packets."), "ipv4"),
    _ICMPType("time-exceeded", _("Time Exceeded"),
              _("This error message is generated if the time-to-live was "
                "exceeded either of a packet or of the reassembling of a "
                "fragmented packet.")),
]

def getByKey(key):
    for x in icmp_list:
        if x.key == key:
            return x
    return None

def getByName(name):
    for x in icmp_list:
        if x.name == name:
            return x
    return None

==== fw_lokkit.py ====

#
# Copyright (C) 2007-2009 Red Hat, Inc.
# Authors:
# Thomas Woerner
#
# (GPLv2+ license header as in fw_functions.py)
#

import fw_config
from fw_parser import parseLokkitArgs, parseDBUSArgs, parseSysconfigArgs, \
    parseSELinuxArgs, copyValues
from fw_iptables import *
from fw_sysconfig import *
from fw_sysctl import *
import fw_selinux
import fw_services
import fw_icmp

### parse command line arguments ###

def loadConfig(args=None, dbus_parser=False):
    if dbus_parser:
        _parseArgs = parseDBUSArgs
    else:
        _parseArgs = parseLokkitArgs

    config = _parseArgs(args)

    # load default configuration
    if config.default:
        config.force = True
    # no force mode in update
    elif config.update:
        config.force = False

    old_config = None
    old_se_config = None

    # force mode: ignore old configuration
    # else: use old configuration and command line arguments
    if not config.force:
        ### load original configuration ###
        # initialize old_config
        old_config = _parseArgs([ ])
        # parse /etc/sysconfig/system-config-firewall or
        # /etc/sysconfig/system-config-securitylevel
        old_config = read_sysconfig_config(old_config)
        # reparse lokkit args with a copy of the old configuration
        config = _parseArgs(args=args, options=copyValues(old_config))
        # parse selinux config
        old_se_config = parseSELinuxArgs(fw_selinux.read() or [ ])

    # load default configuration
    if config.default:
        # config.default in [ "server", "desktop" ]
        for svc in fw_services.service_list:
            if svc.default and config.default in svc.default:
                config.services.append(svc.key)
    # no force mode in update
    elif config.update:
        config.quiet = True
        config.nostart = False

    return (config, old_config, old_se_config)

### update selinux ###

def updateSELinux(config, old_se_config):
    se_status = 0

    # selinux
    if config.selinux or config.selinuxtype:
        if old_se_config:
            if not config.selinux:
                config.selinux = old_se_config.selinux
            if not config.selinuxtype:
                config.selinuxtype = old_se_config.selinuxtype
        if not config.selinux:
            config.selinux = fw_config.DEFAULT_SELINUX_MODE
        if not config.selinuxtype:
            config.selinuxtype = fw_config.DEFAULT_SELINUX_TYPE

        if not old_se_config or (config.selinux != old_se_config.selinux or \
                                 config.selinuxtype != old_se_config.selinuxtype):
            se_status = int(fw_selinux.write(config) == False)
            if se_status != 0:
                print _("Failed to write selinux configuration.")
            else:
                fw_selinux.setenforce(config.selinuxtype)

    return se_status

### update firewall ###

def updateFirewall(config, old_config):
    c_status = ip4t_status = ip6t_status = 0
    log = ""

    # write /etc/sysconfig/system-config-securitylevel and
    # /etc/sysconfig/system-config-firewall
    c_status = int(write_sysconfig_config(fw_config.CONFIG, config) == False)
    if c_status != 0:
        log += _("Failed to write %s.") % fw_config.CONFIG
        log += "\n"

    # load ip*tables-config only if there is something to do
    if (config.add_module and len(config.add_module) > 0) or \
       (config.remove_module and len(config.remove_module) > 0):
        # load IPv4 configuration
        ip4tables_conf = ip4tablesConfig(fw_config.IP4TABLES_CFG)
        try:
            ip4tables_conf.read()
        except:
            pass
        # load IPv6 configuration
        ip6tables_conf = ip6tablesConfig(fw_config.IP6TABLES_CFG)
        try:
            ip6tables_conf.read()
        except:
            pass

        _modules = [ ]
        _modules.append(ip4tables_conf.get("IPTABLES_MODULES"))
        _modules.append(ip6tables_conf.get("IP6TABLES_MODULES"))

        # setup modules
        for modules in _modules:
            if config.add_module:
                for module in config.add_module:
                    # nf_* and ip_* are alias names of the same module
                    modalias = None
                    if module[:3] == "nf_":
                        modalias = "ip_"+module[3:]
                    if module[:3] == "ip_":
                        modalias = "nf_"+module[3:]
                    if module not in modules and modalias not in modules:
                        modules.append(module)
            if config.remove_module:
                for module in config.remove_module:
                    modalias = None
                    if module[:3] == "nf_":
                        modalias = "ip_"+module[3:]
                    if module[:3] == "ip_":
                        modalias = "nf_"+module[3:]
                    if module in modules:
                        modules.remove(module)
                    if modalias in modules:
                        modules.remove(modalias)

        # TODO: check status:
        # write IPv4 configuration
        ip4tables_conf.write()
        # write IPv6 configuration
        ip6tables_conf.write()

    # update services
    if config.enabled or (old_config and old_config.enabled) or config.force:
        ip4tables = iptablesClass(fw_config.IP4TABLES_RULES)
        ip6tables = ip6tablesClass(fw_config.IP6TABLES_RULES)

        if not config.nostart:
            # stop ip*tables
            ip4t_status = ip4tables.stop(config.verbose)
            if ip4t_status != 0:
                log += _("Failed to stop %s.") % "iptables"
                log += "\n"
            ip6t_status = ip6tables.stop(config.verbose)
            if ip6t_status != 0:
                log += _("Failed to stop %s.") % "ip6tables"
                log += "\n"

        if config.enabled:
            # set ip_forward if masquerading is in use
            if config.masq and len(config.masq) > 0:
                sysctl = sysctlClass(fw_config.SYSCTL_CONFIG)
                sysctl.read()
                if sysctl.get("net.ipv4.ip_forward") != "1":
                    sysctl.set("net.ipv4.ip_forward", "1")
                    sysctl.write()
                    sysctl.reload()

            # write new config
            ip4tables.write(config)
            ip6tables.write(config)

            if not config.nostart:
                # start ip*tables
                ip4t_status = ip4tables.start(config.verbose)
                if ip4t_status == 150:
                    # ipv4 disabled, ignore
                    ip4t_status = 0
                if ip4t_status != 0:
                    log += _("Failed to start %s.") % "iptables"
                    log += "\n"
                ip6t_status = ip6tables.start(config.verbose)
                if ip6t_status == 150:
                    # ipv6 disabled, ignore
                    ip6t_status = 0
                if ip6t_status != 0:
                    log += _("Failed to start %s.") % "ip6tables"
                    log += "\n"
        else:
            # old_config and old_config.enabled
            # remove configuration files
            try:
                ip4tables.unlink()
            except Exception, msg:
                ip4t_status += 1
                log += _("Failed to remove %s.") % ip4tables.filename
                log += "\n"
                if config.verbose:
                    # fix: msg is an exception object, not a string
                    log += str(msg) + "\n"
            try:
                ip6tables.unlink()
            except Exception, msg:
                ip6t_status += 1
                log += _("Failed to remove %s.") % ip6tables.filename
                log += "\n"
                if config.verbose:
                    log += str(msg) + "\n"

    return (c_status, ip4t_status, ip6t_status, log)

==== fw_nm.py ====

#!/usr/bin/python

import sys

NM_DBUS_PATH = "/org/freedesktop/NetworkManager"
NM_DBUS_INTERFACE = "org.freedesktop.NetworkManager"
NM_DBUS_SERVICE_SYSTEM_SETTINGS = "org.freedesktop.NetworkManagerSystemSettings"
NM_DBUS_SERVICE_USER_SETTINGS = "org.freedesktop.NetworkManagerUserSettings"
NM_DBUS_IFACE_DEVICE = "org.freedesktop.NetworkManager.Device"
NM_DBUS_IFACE_DEVICE_WIRED = "org.freedesktop.NetworkManager.Device.Wired"
NM_DBUS_IFACE_DEVICE_WIRELESS = "org.freedesktop.NetworkManager.Device.Wireless"

NM_DEVICE_TYPE_UNKNOWN = 0
NM_DEVICE_TYPE_ETHERNET = 1
NM_DEVICE_TYPE_WIFI = 2
NM_DEVICE_TYPE_GSM = 3
NM_DEVICE_TYPE_CDMA = 4

nm_device_type = {
    NM_DEVICE_TYPE_UNKNOWN: "unknown type",
    NM_DEVICE_TYPE_ETHERNET: "wired Ethernet",
    NM_DEVICE_TYPE_WIFI: "802.11 WiFi",
    NM_DEVICE_TYPE_GSM: "GSM-based cellular WAN",
    NM_DEVICE_TYPE_CDMA: "CDMA/IS-95-based cellular WAN"
}

#####

import dbus
bus = dbus.SystemBus()

def device_list():
    # Query NetworkManager over the system bus and return
    # { interface name: { "type": ..., "hwaddr": ... } } for wired and
    # wireless devices.
    devices = { }
    for service in [ NM_DBUS_SERVICE_SYSTEM_SETTINGS,
                     NM_DBUS_SERVICE_USER_SETTINGS ]:
        proxy = bus.get_object(service, NM_DBUS_PATH)
        iface = dbus.Interface(proxy, dbus_interface=NM_DBUS_INTERFACE)
        try:
            device_list = iface.GetDevices()
        except:
            continue
        for c in device_list:
            proxy = bus.get_object(service, c)
            properties = dbus.Interface(proxy,
                                        dbus_interface='org.freedesktop.DBus.Properties')
            interface = properties.Get(NM_DBUS_IFACE_DEVICE, 'Interface')
            device_type = properties.Get(NM_DBUS_IFACE_DEVICE, 'DeviceType')
            if device_type == NM_DEVICE_TYPE_ETHERNET:
                hwaddr = properties.Get(NM_DBUS_IFACE_DEVICE_WIRED, 'HwAddress')
            elif device_type == NM_DEVICE_TYPE_WIFI:
                hwaddr = properties.Get(NM_DBUS_IFACE_DEVICE_WIRELESS, 'HwAddress')
            else:
                continue
            devices[str(interface)] = {
                "type": nm_device_type[device_type],
                "hwaddr": str(hwaddr),
            }
    return devices

==== fw_compat.py ====

#
# Copyright (C) 2007, 2008 Red Hat, Inc.
# Authors:
# Thomas Woerner
#
# (GPLv2+ license header as in fw_functions.py)
#

from fw_functions import getPortID, getServiceName
import fw_services

def convertToServices(config):
    # Convert an old-style port list (system-config-securitylevel) into
    # service keys where a predefined service's ports are all present.
    if len(config.services) > 0:
        return

    print _("Converting %s") % config.filename

    services = config.services
    ports = [ ]
    matched = [ ]
    for svc in fw_services.service_list:
        _matched = [ ]
        if config.ports:
            all_matched = True
            for (port, proto) in svc.ports:
                id = getPortID(port)
                name = getServiceName(port, proto)
                if ((id,), proto) in config.ports:
                    _matched.append(((id,), proto))
                elif ((port,), proto) in config.ports:
                    _matched.append(((port,), proto))
                elif ((name,), proto) in config.ports:
                    _matched.append(((name,), proto))
                else:
                    all_matched = False
        else:
            all_matched = False
        if all_matched:
            services.append(svc.key)
            matched.extend(_matched)
        del _matched

    # keep the ports that did not become part of a service
    if config.ports:
        for entry in config.ports:
            if entry in matched:
                continue
            ports.append(entry)
    del matched

    if not hasattr(config, "no_ipsec") or not config.no_ipsec:
        if not "ipsec" in services:
            services.append("ipsec")
    else:
        delattr(config, "no_ipsec")

    if not hasattr(config, "no_mdns") or not config.no_mdns:
        if not "mdns" in services:
            services.append("mdns")
    else:
        delattr(config, "no_mdns")

    if not hasattr(config, "no_ipp") or not config.no_ipp:
        if not "ipp" in services:
            services.append("ipp")
    else:
        delattr(config, "no_ipp")

    config.ports = ports

==== fw_sysctl.py ====

#
# Copyright (C) 2007 Red Hat, Inc.
# Authors:
# Thomas Woerner
#
# (GPLv2+ license header as in fw_functions.py)
#

import os, os.path
import tempfile
import shutil

##############################################################################

class sysctlClass:
    def __init__(self, filename):
        self.filename = filename
        self.clear()

    def clear(self):
        self.p_config = { }
        self.p_deleted = [ ]

    def get(self, key):
        _key = key.strip()
        if _key in self.p_config:
            return self.p_config[_key]
        return None

    def set(self, key, value):
        _key = key.strip()
        self.p_config[_key] = value.strip()
        if _key in self.p_deleted:
            # fix: the original indexed list.remove ("remove[_key]")
            self.p_deleted.remove(_key)

    def unset(self, key):
        _key = key.strip()
        if _key in self.p_config:
            del self.p_config[_key]
        if not _key in self.p_deleted:
            self.p_deleted.append(_key)

    def __str__(self):
        s = ""
        for (key,value) in self.p_config.items():
            if s:
                s += '\n'
            s += '%s = %s' % (key, value)
        return s

    # load self.filename
    def read(self):
        self.clear()
        file = open(self.filename, "r")
        for line in file.xreadlines():
            if not line:
                break
            line = line.strip()
            if len(line) < 1 or line[0] in ['#', ';']:
                continue
            # get key/value pairs
            p = line.split("=")
            if len(p) != 2:
                continue
            self.p_config[p[0].strip()] = p[1].strip()
        file.close()

    # save to self.filename if there are key/value changes
    def write(self):
        if len(self.p_config) < 1:
            # no changes: nothing to do
            return

        # handled keys
        done = [ ]

        # rewrite through a temporary file so comments and ordering of the
        # existing file are preserved; only changed keys are touched
        (temp_file, temp) = tempfile.mkstemp("sysctl.conf")
        modified = False
        empty = False
        file = open(self.filename, "r")
        for line in file.xreadlines():
            if not line:
                break
            # remove newline
            line = line.strip("\n")
            if len(line) < 1:
                if not empty:
                    os.write(temp_file, "\n")
                    empty = True
            elif line[0] == '#':
                empty = False
                os.write(temp_file, line)
                os.write(temp_file, "\n")
            else:
                p = line.split("=")
                if len(p) != 2:
                    empty = False
                    os.write(temp_file, line+"\n")
                    continue
                key = p[0].strip()
                value = p[1].strip()
                # check for modified key/value pairs
                if key not in done:
                    if (key in self.p_config and \
                        self.p_config[key] != value):
                        empty = False
                        os.write(temp_file, '%s = %s\n' \
                                 % (key, self.p_config[key]))
                        modified = True
                    elif key in self.p_deleted:
                        modified = True
                    else:
                        empty = False
                        os.write(temp_file, line+"\n")
                    done.append(key)
                else:
                    # duplicate key: drop it
                    modified = True

        # write remaining key/value pairs
        if len(self.p_config) > 0:
            for (key,value) in self.p_config.items():
                if key in done:
                    continue
                if not empty:
                    os.write(temp_file, "\n")
                    empty = True
                os.write(temp_file, '%s = %s\n' % (key, value))
                modified = True
        file.close()
        os.close(temp_file)

        if not modified:
            # not modified: remove tempfile
            os.remove(temp)
            return

        # make backup
        if os.path.exists(self.filename):
            try:
                shutil.copy2(self.filename, "%s.old" % self.filename)
            except Exception, msg:
                os.remove(temp)
                raise IOError, "Backup of '%s' failed: %s" % (self.filename, msg)

        # copy tempfile
        try:
            shutil.copy(temp, self.filename)
        except Exception, msg:
            os.remove(temp)
            raise IOError, "Failed to create '%s': %s" % (self.filename, msg)
        else:
            os.remove(temp)

        os.chmod(self.filename, 0644)

    def reload(self):
        # self.filename is interpolated into a shell command line; callers
        # pass the fixed fw_config.SYSCTL_CONFIG path, never user input
        return os.system("/sbin/sysctl -p '%s' >/dev/null" % self.filename)
fw_sysconfig.py

#
# Copyright (C) 2007, 2008, 2014 Red Hat, Inc.
# Authors:
# Thomas Woerner
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see .
#

import os.path
from fw_config import OLD_CONFIG, CONFIG, IP4TABLES_CFG, IP6TABLES_CFG
from fw_parser import parseSysconfigArgs
import fw_compat
import fw_iptables
import shutil

def read_sysconfig_args():
    filename = None
    if os.path.exists(CONFIG) and os.path.isfile(CONFIG):
        filename = CONFIG
    elif os.path.exists(OLD_CONFIG) and os.path.isfile(OLD_CONFIG):
        filename = OLD_CONFIG

    try:
        fd = open(filename, 'r')
    except:
        return None

    argv = [ ]
    for line in fd.xreadlines():
        if not line:
            break
        line = line.strip()
        if len(line) < 1 or line[0] == '#':
            continue
        argv.append(line)
    fd.close()
    return (argv, filename)

def parse_sysconfig_args(args, merge_config=None, compat=False, filename=None):
    config = parseSysconfigArgs(args, options=merge_config, compat=compat,
                                source=filename)
    if not config:
        return None
    config.filename = filename
    if config.filename == OLD_CONFIG:
        fw_compat.convertToServices(config)
        config.converted = True
    return config

def read_sysconfig_config(merge_config=None, compat=False):
    args = read_sysconfig_args() # returns: (args, filename) or None
    if not args:
        return merge_config
    return parse_sysconfig_args(args[0], merge_config, compat, args[1])

def write_sysconfig_config(filename, conf):
    if os.path.exists(filename):
        try:
            shutil.copy2(filename, "%s.old" % filename)
        except:
            return False
    try:
        fd = open(filename, 'w')
    except:
        return False
    os.chmod(filename, 0600)

    fd.write("# Configuration file for system-config-firewall\n")
    fd.write("\n")
    if conf.enabled == True:
        fd.write("--enabled\n")
    elif conf.enabled == False:
        fd.write("--disabled\n")
    if conf.trust:
        for dev in conf.trust:
            fd.write("--trust=%s\n" % dev)
    if conf.masq:
        for dev in conf.masq:
            fd.write("--masq=%s\n" % dev)
    if conf.ports and len(conf.ports) > 0:
        for (ports, proto) in conf.ports:
            fd.write("--port=%s:%s\n" % ('-'.join(map(str, ports)), proto))
    if conf.custom_rules and len(conf.custom_rules) > 0:
        for custom in conf.custom_rules:
            fd.write("--custom-rules=%s\n" % ":".join(custom))
    if conf.services:
        for service in conf.services:
            fd.write("--service=%s\n" % service)
    if conf.block_icmp:
        for icmp in conf.block_icmp:
            fd.write("--block-icmp=%s\n" % icmp)
    if conf.forward_port:
        for fwd in conf.forward_port:
            if len(fwd["port"]) == 1:
                port = "%s" % fwd["port"][0]
            else:
                port = "%s-%s" % (fwd["port"][0], fwd["port"][1])
            line = "if=%s:port=%s:proto=%s" % (fwd["if"], port, fwd["proto"])
            if fwd.has_key("toport"):
                if len(fwd["toport"]) == 1:
                    line += ":toport=%s" % fwd["toport"][0]
                else:
                    line += ":toport=%s-%s" % (fwd["toport"][0],
                                               fwd["toport"][1])
            if fwd.has_key("toaddr"):
                line += ":toaddr=%s" % fwd["toaddr"]
            fd.write("--forward-port=%s\n" % line)
    fd.close()
    return True

def read_service_settings():
    # load IPv4 configuration
    ipv4_failed = False
    ipv4_conf = fw_iptables.ip4tablesConfig(IP4TABLES_CFG)
    try:
        ipv4_conf.read()
    except:
        # no or empty config
        ipv4_failed = True

    # load IPv6 configuration
    ipv6_failed = False
    ipv6_conf = fw_iptables.ip6tablesConfig(IP6TABLES_CFG)
    try:
        ipv6_conf.read()
    except:
        # no or empty config
        ipv6_failed = True

    ipv4_settings = { }
    ipv6_settings = { }
    for setting in fw_iptables.setting_list:
        if not ipv4_failed:
            ipv4_settings[setting.key] = \
                (ipv4_conf.get(ipv4_conf.prefix+setting.key) == "yes")
        else:
            ipv4_settings[setting.key] = setting.iptables
        if not ipv6_failed:
            ipv6_settings[setting.key] = \
                (ipv6_conf.get(ipv6_conf.prefix+setting.key) == "yes")
        else:
            ipv6_settings[setting.key] = setting.ip6tables

    key = "MODULES"
    if not ipv4_failed:
        ipv4_settings[key] = ipv4_conf.get(ipv4_conf.prefix+key)
    else:
        ipv4_settings[key] = [ ]
    if not ipv6_failed:
        ipv6_settings[key] = ipv6_conf.get(ipv6_conf.prefix+key)
    else:
        ipv6_settings[key] = [ ]

    return { "iptables": ipv4_settings, "ip6tables": ipv6_settings }

def write_service_settings(settings):
    # load IPv4 configuration
    ipv4_failed = False
    ipv4_conf = fw_iptables.ip4tablesConfig(IP4TABLES_CFG)
    try:
        ipv4_conf.read()
    except:
        # ok: no or empty config
        pass

    # load IPv6 configuration
    ipv6_failed = False
    ipv6_conf = fw_iptables.ip6tablesConfig(IP6TABLES_CFG)
    try:
        ipv6_conf.read()
    except:
        # ok: no or empty config
        pass

    yes_no = { True: "yes", False: "no" }
    ipv4_settings = settings["iptables"]
    ipv6_settings = settings["ip6tables"]
    for key in ipv4_settings.keys():
        if key != "MODULES":
            ipv4_conf.set(ipv4_conf.prefix+key, yes_no[ipv4_settings[key]])
        else:
            ipv4_conf.set(ipv4_conf.prefix+key, ipv4_settings[key])
    for key in ipv6_settings.keys():
        if key != "MODULES":
            ipv6_conf.set(ipv6_conf.prefix+key, yes_no[ipv6_settings[key]])
        else:
            ipv6_conf.set(ipv6_conf.prefix+key, ipv6_settings[key])

    try:
        ipv4_conf.write()
        ipv6_conf.write()
    except:
        return False
    return True
fw_parser.py

#
# Copyright (C) 2007, 2008 Red Hat, Inc.
# Authors:
# Thomas Woerner
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see .
#

from copy import copy
from optparse import Option, OptionError, OptionParser, Values, \
                     SUPPRESS_HELP, BadOptionError, OptionGroup
import fw_config
# _() is the translation helper; the other modules of this package import
# it from fw_config, and this module uses it in every help string below
from fw_config import _
from fw_functions import getPortID, getPortRange, getServiceName, checkIP, \
                         checkInterface
from fw_services import getByKey as getServiceByKey
from fw_icmp import getByKey as getICMPTypeByKey
import os.path
import sys

def _check_port(option, opt, value):
    failure = False
    try:
        (ports, protocol) = value.split(":")
    except:
        failure = True
    else:
        range = getPortRange(ports.strip())
        if range == -1:
            failure = True
        elif range == None:
            raise OptionError(_("port range %s is not unique.") % value, opt)
        elif len(range) == 2 and range[0] >= range[1]:
            raise OptionError(_("%s is not a valid range (start port >= end "
                                "port).") % value, opt)
    if not failure:
        protocol = protocol.strip()
        if protocol not in [ "tcp", "udp" ]:
            raise OptionError(_("%s is not a valid protocol.") % protocol, opt)
    if failure:
        raise OptionError(_("invalid port definition %s.") % value, opt)
    return (range, protocol)

def _check_rulesfile(option, opt, value):
    type = "ipv4"
    table = "filter"
    splits = value.split(":", 1)
    if len(splits) > 1 and splits[0] in fw_config.FIREWALL_TYPES:
        type = splits[0]
        splits = splits[1].split(":", 1)
    if len(splits) > 1 and splits[0] in fw_config.FIREWALL_TABLES:
        table = splits[0]
        splits = splits[1].split(":", 1)
    filename = ":".join(splits)
    if type == "ipv6" and table == "nat":
        raise OptionError(_("ipv6 has no nat support."), opt)
    return (type, table, filename)

def _check_service(option, opt, value):
    if not getServiceByKey(value):
        raise OptionError(_("invalid service '%s'.") % value, opt)
    return value

def _check_icmp_type(option, opt, value):
    if not getICMPTypeByKey(value):
        dict = { "option": opt, "value": value }
        raise OptionError(_("option %(option)s: invalid icmp type "
                            "'%(value)s'.") % dict, opt)
    return value

def _check_forward_port(option, opt, value):
    result = { }
    error = None
    splits = value.split(":", 1)
    while len(splits) > 0:
        key_val = splits[0].split("=")
        if len(key_val) != 2:
            error = _("Invalid argument %s") % splits[0]
            break
        (key, val) = key_val
        if (key == "if" and checkInterface(val)) or \
           (key == "proto" and val in [ "tcp", "udp" ]) or \
           (key == "toaddr" and checkIP(val)):
            result[key] = val
        elif (key == "port" or key == "toport") and getPortRange(val) > 0:
            result[key] = getPortRange(val)
        else:
            error = _("Invalid argument %s") % splits[0]
            break
        if len(splits) > 1:
            if splits[1].count("=") == 1:
                # last element
                splits = [ splits[1] ]
            else:
                splits = splits[1].split(":", 1)
        else:
            # finish
            splits.pop()
    if error:
        dict = { "option": opt, "value": value, "error": error }
        raise OptionError(_("option %(option)s: invalid forward_port "
                            "'%(value)s': %(error)s.") % dict, opt)

    error = False
    for key in [ "if", "port", "proto" ]:
        if key not in result.keys():
            error = True
    if not "toport" in result.keys() and not "toaddr" in result.keys():
        error = True
    if error:
        dict = { "option": opt, "value": value }
        raise OptionError(_("option %(option)s: invalid forward_port "
                            "'%(value)s'.") % dict, opt)
    return result

def _check_interface(option, opt, value):
    if not checkInterface(value):
        raise OptionError(_("invalid interface '%s'.") % value, opt)
    return value

def _append_unique(option, opt, value, parser, *args, **kwargs):
    vals = getattr(parser.values, option.dest)
    if vals and value in vals:
        return
    parser.values.ensure_value(option.dest, []).append(value)

class _Option(Option):
    TYPES = Option.TYPES + ("port", "rulesfile", "service", "forward_port",
                            "icmp_type", "interface")
    TYPE_CHECKER = copy(Option.TYPE_CHECKER)
    TYPE_CHECKER["port"] = _check_port
    TYPE_CHECKER["rulesfile"] = _check_rulesfile
    TYPE_CHECKER["service"] = _check_service
    TYPE_CHECKER["forward_port"] = _check_forward_port
    TYPE_CHECKER["icmp_type"] = _check_icmp_type
    TYPE_CHECKER["interface"] = _check_interface

def _addStandardOptions(parser):
    parser.add_option("--enabled",
                      action="store_true", dest="enabled", default=True,
                      help=_("Enable firewall (default)"))
    parser.add_option("--disabled",
                      action="store_false", dest="enabled",
                      help=_("Disable firewall"))
    parser.add_option("--addmodule",
                      action="callback", dest="add_module", type="string",
                      metavar=_(""), callback=_append_unique,
                      help=_("Enable an iptables module"))
    parser.add_option("--removemodule",
                      action="callback", dest="remove_module", type="string",
                      metavar=_(""), callback=_append_unique,
                      help=_("Disable an iptables module"))
    parser.add_option("-s", "--service",
                      action="callback", dest="services", type="service",
                      default=[ ], metavar=_(""), callback=_append_unique,
                      help=_("Open the firewall for a service (e.g, ssh)"))
    parser.add_option("-p", "--port",
                      action="callback", dest="ports", type="port",
                      metavar=_("[-]:"), callback=_append_unique,
                      help=_("Open specific ports in the firewall "
                             "(e.g, ssh:tcp)"))
    parser.add_option("-t", "--trust",
                      action="callback", dest="trust", type="interface",
                      metavar=_(""), callback=_append_unique,
                      help=_("Allow all traffic on the specified device"))
    parser.add_option("-m", "--masq",
                      action="callback", dest="masq", type="interface",
                      metavar=_(""), callback=_append_unique,
                      help=_("Masquerades traffic from the specified device. "
                             "This is IPv4 only."))
    parser.add_option("--high", "--medium",
                      action="store_true", dest="enabled",
                      help=_("Backwards compatibility, aliased to --enabled"))
    parser.add_option("--custom-rules",
                      action="callback", dest="custom_rules", type="rulesfile",
                      metavar=_("[:][:]"), callback=_append_unique,
                      help=_("Specify a custom rules file for inclusion in "
                             "the firewall, after the "
                             "default rules. Default protocol type: ipv4, "
                             "default table: filter. "
                             "(Example: ipv4:filter:/etc/sysconfig/"
                             "ipv4_filter_addon)"))
    parser.add_option("--forward-port",
                      action="callback", dest="forward_port",
                      type="forward_port",
                      metavar=_("if=:port=:proto="
                                "[:toport=]"
                                "[:toaddr=]"), callback=_append_unique,
                      help=_("Forward the port with protocol for the "
                             "interface to either another local destination "
                             "port (no destination address given) or to an "
                             "other destination address with an optional "
                             "destination port. This is IPv4 only."))
    parser.add_option("--block-icmp",
                      action="callback", dest="block_icmp", type="icmp_type",
                      default=[ ], callback=_append_unique, metavar=_(""),
                      help=_("Block this ICMP type. The default is to accept "
                             "all ICMP types."))

def _addCompatOptions(parser):
    parser.add_option("--no-ipsec",
                      action="store_true", dest="no_ipsec",
                      help=_("Disable Internet Protocol Security (IPsec)"))
    parser.add_option("--no-ipp",
                      action="store_true", dest="no_ipp",
                      help=_("Disable Internet Printing Protocol (IPP)"))
    parser.add_option("--no-mdns",
                      action="store_true", dest="no_mdns",
                      help=_("Disable Multicast DNS (mDNS)"))

def _addSELinuxOptions(parser):
    group = OptionGroup(parser, _("SELinux Options (deprecated)"),
                        _("Using these options with no additional firewall "
                          "options will not create or alter firewall "
                          "configuration, only SELinux will be configured."))
    group.add_option("--selinux",
                     action="store", dest="selinux", type="choice",
                     metavar=_(""), choices=fw_config.SELINUX_MODES,
                     help=_("Configure SELinux mode: %s") % \
                     ", ".join(fw_config.SELINUX_MODES))
    group.add_option("--selinuxtype",
                     action="store", dest="selinuxtype", type="string",
                     metavar=_(""),
                     help=_("Configure SELinux type: Usually targeted or "
                            "strict Policy"))
    parser.add_option_group(group)

def _parse_args(parser, args, options=None):
    try:
        (_options, _args) = parser.parse_args(args, options)
    except Exception, error:
        parser.error(error)
        return None
    if len(_args) != 0:
        for arg in _args:
            parser.error(_("no such option: %s") % arg)
    if parser._fw_exit:
        if fw_config.ui:
            fw_config.ui.parse_exit(2)
        else:
            sys.exit(2)
    if not hasattr(_options, "filename"):
        _options.filename = None
    if not hasattr(_options, "converted"):
        _options.converted = False
    return _options

class _OptionParser(OptionParser):
    # overload print_help: rhpl._ returns UTF-8
    def print_help(self, file=None):
        if file is None:
            file = sys.stdout
        str = self.format_help()
        if isinstance(str, unicode):
            encoding = self._get_encoding(file)
            str = str.encode(encoding, "replace")
        file.write(str)

    def print_usage(self, file=None):
        pass

    def exit(self, status=0, msg=None):
        if msg:
            if fw_config.ui:
                fw_config.ui.parse_error(msg)
            else:
                print >>sys.stderr, msg
        if not fw_config.ui:
            self._fw_exit = True

    def error(self, msg):
        if self._fw_source:
            text = "%s: %s" % (self._fw_source, msg)
        else:
            text = str(msg)
        self.exit(2, msg=text)

    def _match_long_opt(self, opt):
        if self._long_opt.has_key(opt):
            return opt
        raise BadOptionError(opt)

    def _process_long_opt(self, rargs, values):
        # allow to ignore errors in the ui
        try:
            # OptionParser._process_long_opt(self, rargs, values)
            self.__process_long_opt(rargs, values)
        except Exception, msg:
            self.error(msg)

    def _process_short_opts(self, rargs, values):
        # allow to ignore errors in the ui
        try:
            OptionParser._process_short_opts(self, rargs, values)
        except Exception, msg:
            self.error(msg)

    def __process_long_opt(self, rargs, values):
        arg = rargs.pop(0)

        # Value explicitly attached to arg?  Pretend it's the next
        # argument.
        if "=" in arg:
            (opt, next_arg) = arg.split("=", 1)
            had_explicit_value = True
        else:
            opt = arg
            had_explicit_value = False

        opt = self._match_long_opt(opt)
        option = self._long_opt[opt]
        if option.takes_value():
            nargs = option.nargs
            if len(rargs)+int(had_explicit_value) < nargs:
                if nargs == 1:
                    self.error(_("%s option requires an argument") % opt)
                else:
                    dict = { "option": opt, "count": nargs }
                    self.error(_("%(option)s option requires %(count)s "
                                 "arguments") % dict)
            elif nargs == 1 and had_explicit_value:
                value = next_arg
            elif nargs == 1:
                value = rargs.pop(0)
            elif had_explicit_value:
                value = tuple([ next_arg ] + rargs[0:nargs-1])
                del rargs[0:nargs-1]
            else:
                value = tuple(rargs[0:nargs])
                del rargs[0:nargs]
        elif had_explicit_value:
            self.error(_("%s option does not take a value") % opt)
        else:
            value = None

        option.process(opt, value, values, self)

def _gen_parser(source=None):
    parser = _OptionParser(add_help_option=False, option_class=_Option)
    parser._fw_source = source
    parser._fw_exit = False
    return parser

def parseSysconfigArgs(args, options=None, compat=False, source=None):
    parser = _gen_parser(source)
    _addStandardOptions(parser)
    if compat:
        _addCompatOptions(parser)
    return _parse_args(parser, args, options)

def parseSELinuxArgs(args, options=None, source=None):
    parser = _gen_parser(source)
    _addSELinuxOptions(parser)
    return _parse_args(parser, args, options)

def parseLokkitArgs(args=None, options=None, compat=False):
    parser = _gen_parser()
    parser.add_option("-?", "-h", "--help", "--usage",
                      action="help",
                      help=_("Show this help message"))
    parser.add_option("-q", "--quiet",
                      action="store_true", dest="quiet",
                      help=_("Run noninteractively; process only command-line "
                             "arguments"))
    parser.add_option("-v", "--verbose",
                      action="store_true", dest="verbose",
                      help=_("Be more verbose"))
    parser.add_option("--version",
                      action="store_true", dest="version",
                      help=_("Show version"))
    parser.add_option("-n", "--nostart",
                      action="store_true", dest="nostart",
                      help=_("Configure firewall but do not activate the new "
                             "configuration"))
    parser.add_option("-f",
                      action="store_true", dest="force",
                      help=_("Ignore actual settings"))
    parser.add_option("--update",
                      action="store_true", dest="update",
                      help=_("Update firewall non-interactively if the "
                             "firewall is enabled. This will also restart the "
                             "firewall. The -n and -f options will be "
                             "ignored."))
    parser.add_option("--default",
                      action="store", dest="default", type="choice",
                      metavar=_(""), choices=fw_config.DEFAULT_TYPES,
                      help=_("Set firewall default type: %s. "
                             "This overwrites any existing "
                             "configuration.") % \
                      ", ".join(fw_config.DEFAULT_TYPES))
    parser.add_option("--list-services",
                      action="store_true", dest="list_services",
                      help=_("List predefined services."))
    parser.add_option("--list-icmp-types",
                      action="store_true", dest="list_icmp_types",
                      help=_("List the supported icmp types."))
    _addSELinuxOptions(parser)
    _addStandardOptions(parser)

    if len(sys.argv) < 2:
        parser.print_help()
        sys.exit(0)

    _options = _parse_args(parser, args, options)
    _options.nofw = False
    if args == None and _options:
        selinux = False
        firewall = False
        for arg in sys.argv[1:]:
            if arg.startswith("--selinux"):
                selinux = True
            else:
                firewall = True
        if selinux and not firewall:
            _options.nofw = True
    return _options

def parseDBUSArgs(args=None, options=None, compat=False):
    parser = _gen_parser()
    parser.add_option("-v", "--verbose",
                      action="store_true", dest="verbose",
                      help=_("Be more verbose"))
    parser.add_option("-n", "--nostart",
                      action="store_true", dest="nostart",
                      help=_("Configure firewall but do not activate the new "
                             "configuration"))
    parser.add_option("-f",
                      action="store_true", dest="force",
                      help=_("Ignore actual settings"))
    parser.add_option("--update",
                      action="store_true", dest="update",
                      help=_("Update firewall non-interactively if the "
                             "firewall is enabled. This will also restart the "
                             "firewall. The -n and -f options will be "
                             "ignored."))
    parser.add_option("--default",
                      action="store", dest="default", type="choice",
                      metavar=_(""), choices=fw_config.DEFAULT_TYPES,
                      help=_("Set firewall default type: %s. "
                             "This overwrites any existing "
                             "configuration.") % \
                      ", ".join(fw_config.DEFAULT_TYPES))
    _addSELinuxOptions(parser)
    _addStandardOptions(parser)
    return _parse_args(parser, args, options)

def copyValues(values):
    if not values:
        return None
    new_values = Values()
    new_values.__dict__ = copy(values.__dict__)
    return new_values
# --- fw_iptables.py ---
#
# Copyright (C) 2007, 2008 Red Hat, Inc.
# Authors:
# Thomas Woerner
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#

import os, os.path
import tempfile
import shutil
import types
import fw_services
import fw_icmp
from fw_config import _
from fw_functions import *

##############################################################################

class _Setting:
    def __init__ (self, key, name, description=None, iptables=False,
                  ip6tables=False):
        self.key = key
        self.name = name
        self.description = description
        self.iptables = iptables
        self.ip6tables = ip6tables

setting_list = [
    _Setting("MODULES_UNLOAD", _("Unload modules on restart and stop"),
             _("To ensure a sane state, the kernel firewall modules must be "
               "unloaded when the firewall is restarted or stopped."),
             True, True),
    _Setting("SAVE_ON_STOP", _("Save on stop"),
             _("Save the active firewall configuration with all changes since "
               "the last start before stopping the firewall. Only do this if "
               "you need to preserve the active state for the next start.")),
    _Setting("SAVE_ON_RESTART", _("Save on restart"),
             _("Save the active firewall configuration with all changes since "
               "the last start before restarting the firewall. Only do this if "
               "you need to preserve the active state for the next start.")),
    _Setting("SAVE_COUNTER", _("Save and restore counter"),
             _("Save on stop and Save on restart additionally "
               "save rule and chain counter.")),
    _Setting("STATUS_NUMERIC", _("Numeric status output"),
             _("Print addresses and ports in numeric format for the status "
               "output."), True, True),
    _Setting("STATUS_VERBOSE", _("Verbose status"),
             _("Print information about the number of packets and bytes plus "
               "the input- and outputdevice in the status "
               "output.")),
    _Setting("STATUS_LINENUMBERS", _("Status line numbers"),
             _("Print a counter/number for every rule in the status output."),
             True, True),
    ]

def getByKey(key):
    for x in setting_list:
        if x.key == key:
            return x
    return None

def getByName(name):
    for x in setting_list:
        if x.name == name:
            return x
    return None

##############################################################################

class ip4tablesConfig:
    prefix = "IPTABLES_"

    def __init__(self, filename):
        self.filename = filename
        self.clear()

    def clear(self):
        self.p_config = { }
        self.set("%sMODULES" % self.prefix, [ ])
        self.set("%sMODULES_UNLOAD" % self.prefix, "yes")
        self.set("%sSAVE_ON_STOP" % self.prefix, "no")
        self.set("%sSAVE_ON_RESTART" % self.prefix, "no")
        self.set("%sSAVE_COUNTER" % self.prefix, "no")
        self.set("%sSTATUS_NUMERIC" % self.prefix, "yes")
        self.set("%sSTATUS_VERBOSE" % self.prefix, "no")
        self.set("%sSTATUS_LINENUMBERS" % self.prefix, "yes")

    def get(self, key):
        if key in self.p_config.keys():
            return self.p_config[key]
        return None

    def set(self, key, value):
        # *_MODULES holds a list of module names, everything else a string
        if key[-8:] == "_MODULES":
            self.p_config[key.strip()] = value
        else:
            self.p_config[key.strip()] = value.strip()

    def __str__(self):
        s = ""
        for (key,value) in self.p_config.items():
            if s:
                s += '\n'
            s += '%s = %s' % (key, value)
        return s

    # load self.filename
    def read(self):
        self.clear()
        file = open(self.filename, "r")
        for line in file.xreadlines():
            if not line:
                break
            line = line.strip()
            if len(line) < 1 or line[0] == '#':
                continue
            # get key/value pairs
            p = line.split("=")
            if len(p) != 2:
                continue
            key = p[0].strip()
            value = p[1].strip()
            # remove leading and trailing double quotes
            if len(value) > 0 and value[0] == '"' and value[-1] == '"':
                value = value[1:-1]
            if key[-8:] == "_MODULES":
                value = value.split()
            self.p_config[key] = value
        file.close()

    # save to self.filename if there are key/value changes
    def write(self):
        if len(self.p_config) < 1:
            # no changes: nothing to do
            return
        if os.path.exists(self.filename):
            shutil.copy2(self.filename, "%s.old" % self.filename)

        temp_dir = tempfile.mkdtemp()
        temp_file = "%s/%s" % (temp_dir, "config")
        fd = open(temp_file, "w")
        modified = False
        try:
            file = open(self.filename, "r")
        except:
            file = None
        else:
            for line in file.xreadlines():
                if not line:
                    break
                # remove newline at end of line
                if line[-1:] == "\n":
                    line = line[:-1]
                if len(line) < 1:
                    fd.write("\n")
                    continue
                if line[0] != "#" and len(line) > 1:
                    p = line.split("=")
                    if len(p) != 2:
                        fd.write(line+"\n")
                        continue
                    key = p[0].strip()
                    value = p[1].strip()
                    # remove leading and trailing double quotes
                    if len(value) > 0 and value[0] == '"' and value[-1] == '"':
                        value = value[1:-1]
                    if key[-8:] == "_MODULES":
                        value = value.split()
                    if key not in self.p_config.keys():
                        # key not managed here: copy the line unchanged
                        # (the original looked the key up in p_config here
                        # and raised KeyError for unknown keys)
                        fd.write(line+"\n")
                    elif self.p_config[key] != value:
                        # value changed: write the new key/value pair
                        self._write(fd, key, self.p_config[key])
                        modified = True
                        del self.p_config[key]
                    else:
                        fd.write(line+"\n")
                        del self.p_config[key]
                else:
                    fd.write(line+"\n")
        # write remaining key/value pairs
        if len(self.p_config) > 0:
            fd.write("\n")
            for (key,value) in self.p_config.items():
                self._write(fd, key, value)
                modified = True
        if file:
            file.close()
        fd.close()

        try:
            file = open(self.filename, "w")
        except:
            shutil.rmtree(temp_dir)
            raise IOError, "Permission denied: '%s'" % self.filename
        os.chmod(self.filename, 0600)
        # copy content
        for line in open(temp_file, "r"):
            file.write(line)
        file.close()
        shutil.rmtree(temp_dir)

    def _write(self, fd, key, value):
        if isinstance(value, types.ListType) or \
           isinstance(value, types.TupleType):
            val = " ".join(value)
        else:
            val = value
        fd.write('%s="%s"\n' % (key, val))

##############################################################################

class ip6tablesConfig(ip4tablesConfig):
    prefix = "IP6TABLES_"

##############################################################################

class iptablesClass:
    prog = "iptables"
    type = "ipv4"

    def __init__(self, filename):
        self.filename = filename

    def write(self, conf):
        if self.type == "ipv4":
            reject_type = "icmp-host-prohibited"
        else:
            reject_type = "icmp6-adm-prohibited"

        custom_mangle = [ ]
        custom_nat = [ ]
        custom_filter = [ ]
        if conf.custom_rules and len(conf.custom_rules) > 0:
            for (_type, table, filename) in conf.custom_rules:
                if _type != self.type:
                    continue
                # ignore missing files
                if not os.path.exists(filename) or \
                   not os.path.isfile(filename):
                    continue
                if table == "mangle":
                    custom_mangle.append(filename)
                elif table == "nat":
                    custom_nat.append(filename)
                elif table == "filter":
                    custom_filter.append(filename)

        if os.path.exists(self.filename):
            shutil.copy2(self.filename, "%s.old" % self.filename)

        # do we have local or remote forwarding?
        local_forward = False
        remote_forward = False
        if conf.forward_port:
            for fwd in conf.forward_port:
                if fwd.has_key("toaddr"):
                    remote_forward = True
                else:
                    local_forward = True

        mark_idx = 100

        fd = open(self.filename, "w")
        os.chmod(self.filename, 0600)
        fd.write("# Firewall configuration written by system-config-firewall\n")
        fd.write("# Manual customization of this file is not recommended.\n")

        ### MANGLE ###
        if len(custom_mangle) > 0 or (self.type == "ipv4" and local_forward):
            fd.write("*mangle\n")
            fd.write(":PREROUTING ACCEPT [0:0]\n")
            fd.write(":INPUT ACCEPT [0:0]\n")
            fd.write(":FORWARD ACCEPT [0:0]\n")
            fd.write(":OUTPUT ACCEPT [0:0]\n")
            fd.write(":POSTROUTING ACCEPT [0:0]\n")
            # custom rules
            for filename in custom_mangle:
                catFile(fd, filename)
            # local forwards are marked here; the mark is matched in nat
            # PREROUTING and in the INPUT chain
            if self.type == "ipv4" and \
               (conf.forward_port and len(conf.forward_port) > 0):
                for fwd in conf.forward_port:
                    if fwd.has_key("toaddr"):
                        continue
                    port = self._portStr(fwd["port"])
                    fwd["mark"] = mark_idx
                    mark_idx += 1
                    fd.write("-A PREROUTING -i %s -p %s --dport %s "
                             "-j MARK --set-mark 0x%x\n" % \
                             (fwd["if"], fwd["proto"], port, fwd["mark"]))
            fd.write("COMMIT\n")

        ### NAT ###
        # no support for nat for netfilterv6 for now
        if self.type == "ipv4" and \
           ((conf.masq and len(conf.masq) > 0) or len(custom_nat) > 0 or \
            (conf.forward_port and len(conf.forward_port) > 0)):
            fd.write("*nat\n")
            fd.write(":PREROUTING ACCEPT [0:0]\n")
            fd.write(":OUTPUT ACCEPT [0:0]\n")
            fd.write(":POSTROUTING ACCEPT [0:0]\n")
            # masquerading
            if conf.masq:
                for dev in conf.masq:
                    fd.write("-A POSTROUTING -o %s -j MASQUERADE\n" % dev)
            # port forward
            if conf.forward_port:
                for fwd in conf.forward_port:
                    port = self._portStr(fwd["port"])
                    to = ""
                    mark = ""
                    if fwd.has_key("toaddr"):
                        to += fwd["toaddr"]
                    else:
                        mark = "-m mark --mark 0x%x " % fwd["mark"]
                    if fwd.has_key("toport"):
                        # the port range delimiter for DNAT is '-'
                        to += ":%s" % self._portStr(fwd["toport"], "-")
                    fd.write("-A PREROUTING -i %s -p %s --dport %s %s"
                             "-j DNAT --to-destination %s\n" % \
                             (fwd["if"], fwd["proto"], port, mark, to))
            # custom rules
            for filename in custom_nat:
                catFile(fd, filename)
            fd.write("COMMIT\n")

        ### FILTER ###
        fd.write("*filter\n")
        fd.write(":INPUT ACCEPT [0:0]\n")
        fd.write(":FORWARD ACCEPT [0:0]\n")
        fd.write(":OUTPUT ACCEPT [0:0]\n")

        # INPUT
        # accept established and related connections as early as possible
        # RELATED is extremely important as it matches ICMP error messages
        fd.write("-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\n")
        # icmp
        self._icmp(conf, fd, "INPUT", reject_type)
        # trust lo
        fd.write("-A INPUT -i lo -j ACCEPT\n")
        # Always allow ipv6-dhcp
        if self.type == "ipv6":
            fd.write("-A INPUT -m state --state NEW -m udp -p udp --dport 546 "
                     "-d fe80::/64 -j ACCEPT\n")
        # trusted interfaces
        if conf.trust:
            for dev in conf.trust:
                fd.write("-A INPUT -i %s -j ACCEPT\n" % dev)
        # forward local
        if self.type == "ipv4" and conf.forward_port:
            for fwd in conf.forward_port:
                if fwd.has_key("toaddr"):
                    continue
                line = "-A INPUT -i %s -m state --state NEW -m %s -p %s" % \
                       (fwd["if"], fwd["proto"], fwd["proto"])
                if fwd.has_key("toport"):
                    line += " --dport %s" % self._portStr(fwd["toport"])
                line += " -m mark --mark 0x%x" % fwd["mark"]
                line += " -j ACCEPT\n"
                fd.write(line)
        # open services
        if conf.services and len(conf.services) > 0:
            for service in conf.services:
                svc = fw_services.getByKey(service)
                for (port,proto) in svc.ports:
                    _state = ""
                    _dest = ""
                    _port = ""
                    if proto in [ "tcp", "udp" ]:
                        _state = "-m state --state NEW "
                        _proto = "-m %s -p %s " % (proto, proto)
                    else:
                        # non-tcp/udp protocols (e.g. ah, esp for ipsec)
                        if self.type == "ipv4":
                            _proto = "-p %s " % proto
                        else:
                            _proto = "-m ipv6header --header %s " % proto
                    if port:
                        _port = "--dport %s " % port
                    if svc.destination.has_key(self.type):
                        _dest = "-d %s " % svc.destination[self.type]
                    fd.write("-A INPUT " + _state + _proto + _port + _dest +
                             "-j ACCEPT\n")
        # open ports
        if conf.ports and len(conf.ports) > 0:
            for (ports, proto) in conf.ports:
                fd.write("-A INPUT -m state --state NEW -m %s -p %s --dport %s "
                         "-j ACCEPT\n" % (proto, proto, self._portStr(ports)))

        # FORWARD
        if (conf.trust and len(conf.trust) > 0) or \
           (self.type == "ipv4" and conf.masq and len(conf.masq) > 0) or \
           (self.type == "ipv4" and remote_forward):
            # accept established and related connections
            fd.write("-A FORWARD -m state --state ESTABLISHED,RELATED "
                     "-j ACCEPT\n")
            # icmp
            self._icmp(conf, fd, "FORWARD", reject_type)
            # trust lo
            fd.write("-A FORWARD -i lo -j ACCEPT\n")
            # trusted interfaces
            if conf.trust:
                for dev in conf.trust:
                    fd.write("-A FORWARD -i %s -j ACCEPT\n" % dev)
            # allow to output to masqueraded interfaces (IPv4 only)
            if self.type == "ipv4" and conf.masq:
                for dev in conf.masq:
                    fd.write("-A FORWARD -o %s -j ACCEPT\n" % dev)
            # forward remote
            if self.type == "ipv4" and conf.forward_port and remote_forward:
                for fwd in conf.forward_port:
                    if not fwd.has_key("toaddr"):
                        continue
                    if fwd.has_key("toport"):
                        port = self._portStr(fwd["toport"])
                    else:
                        port = self._portStr(fwd["port"])
                    fd.write("-A FORWARD -i %s -m state --state NEW "
                             "-m %s -p %s -d %s --dport %s "
                             "-j ACCEPT\n" % (fwd["if"], fwd["proto"],
                                              fwd["proto"], fwd["toaddr"],
                                              port))

        # add custom filter rules
        if len(custom_filter) > 0:
            for _filename in custom_filter:
                catFile(fd, _filename)

        # reject remaining INPUT and FORWARD traffic
        fd.write("-A INPUT -j REJECT --reject-with %s\n" % reject_type)
        fd.write("-A FORWARD -j REJECT --reject-with %s\n" % reject_type)

        # OUTPUT
        # no output rules, yet

        fd.write("COMMIT\n")
        fd.close()

    def _icmp(self, conf, fd, chain, reject_type):
        if self.type == "ipv4":
            proto = "-p icmp"
            match = "-m icmp --icmp-type"
        else:
            proto = "-p ipv6-icmp"
            match = "-m icmp6 --icmpv6-type"
        # block_icmp may be empty or unset
        if conf.block_icmp:
            for key in conf.block_icmp:
                icmp = fw_icmp.getByKey(key)
                # skip types that do not exist for this IP version
                if icmp.type and self.type not in icmp.type:
                    continue
                fd.write("-A %s %s %s %s -j REJECT --reject-with %s\n" % \
                         (chain, proto, match, key, reject_type))
        fd.write("-A %s %s -j ACCEPT\n" % (chain, proto))

    def _portStr(self, port, delimiter=":"):
        # port is a tuple: (port,) or (first, last) for a range
        if len(port) == 1:
            return "%s" % port
        else:
            return "%s%s%s" % (port[0], delimiter, port[1])

    def _run(self, prog, arg, verbose=False):
        cmd = "%s %s %s" % (prog, self.prog, arg)
        if not verbose:
            cmd += " >/dev/null 2>&1"
        return os.system(cmd) >> 8

    def start(self, verbose=False):
        return self._run("/sbin/service", "start", verbose)

    def restart(self, verbose=False):
        return self._run("/sbin/service", "restart", verbose)

    def condrestart(self, verbose=False):
        return self._run("/sbin/service", "condrestart", verbose)

    def status(self, verbose=False):
        return self._run("/sbin/service", "status", verbose)

    def stop(self, verbose=False):
        return self._run("/sbin/service", "stop", verbose)

    def chkconfig_on(self, verbose=False):
        return self._run("/sbin/chkconfig", "on", verbose)

    def chkconfig_off(self, verbose=False):
        return self._run("/sbin/chkconfig", "off", verbose)

    def unlink(self):
        if os.path.exists(self.filename) and os.path.isfile(self.filename):
            os.unlink(self.filename)

##############################################################################

class ip6tablesClass(iptablesClass):
    prog = "ip6tables"
    type = "ipv6"
# --- convert-config ---
#!/usr/bin/python
#
# Copyright (C) 2007, 2008 Red Hat, Inc.
# Authors:
# Thomas Woerner
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
#
# Converts config file from system-config-firewall-1.0.X to
# system-config-firewall-1.1.X
#

import os, os.path, sys

DATADIR = '/usr/share/system-config-firewall'
sys.path.append(DATADIR)

from fw_config import *
from fw_functions import getPortID, getServiceName
from fw_sysconfig import *
import fw_services
import fw_compat

# check euid
if os.geteuid() != 0:
    print _("\nERROR - You must be root to run %s.") % \
          os.path.basename(sys.argv[0])
    sys.exit(1)

### load configuration ###

config = read_sysconfig_config(compat=True)
if not config:
    sys.exit(0)

# OLD_CONFIG (system-config-securitylevel) already converted, but not 1.0
# style CONFIG (system-config-firewall)
if not config.converted and len(config.services) > 0:
    # already new style file format:
    sys.exit(0)

fw_compat.convertToServices(config)

c_status = int(write_sysconfig_config(CONFIG, config) == False)
if c_status != 0:
    print _("Failed to write %s.") % CONFIG
sys.exit(c_status)

# --- fw_services.py ---
#
# Copyright (C) 2007, 2008 Red Hat, Inc.
# Authors:
# Thomas Woerner
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#

from fw_config import _
from fw_functions import getPortID, getServiceName

class _Service:
    def __init__ (self, key, name, ports, description=None, modules=[ ],
                  destination={ }, default=None):
        self.key = key
        self.name = name
        # list of (port, protocol) tuples; port is None for protocols
        # without ports (e.g. ah, esp)
        self.ports = ports
        self.description = description
        # conntrack helper modules needed by the service
        self.modules = modules
        # fixed destination address per IP version (e.g. multicast)
        self.destination = destination
        # default firewall types ("desktop", "server") that enable the service
        self.default = default

service_list = [
    _Service("ipp-client", _("Network Printing Client (IPP)"),
             [ ("631", "udp"), ],
             _("The Internet Printing Protocol (IPP) is used for "
               "distributed printing. IPP (over udp) provides the ability to "
               "get information about a printer (e.g. capability and status) "
               "and to control printer jobs. If you plan to use a remote "
               "network printer via cups, do not disable this option."),
             default=["desktop"]),
    _Service("ipp", _("Network Printing Server (IPP)"),
             [ ("631", "tcp"), ("631", "udp"), ],
             _("The Internet Printing Protocol (IPP) is used for "
               "distributed printing. IPP (over tcp) provides the ability to "
               "share printers over the network. Enable this option if you "
               "plan to share printers via cups over the network.")),
    _Service("mdns", _("Multicast DNS (mDNS)"),
             [ ("5353", "udp"), ],
             _("mDNS provides the ability to use DNS programming "
               "interfaces, packet formats and operating semantics in a "
               "small network without a conventional DNS server. If you plan "
               "to use Avahi, do not disable this option."),
             default=["desktop"],
             destination={"ipv4": "224.0.0.251", "ipv6": "ff02::fb"}),
    _Service("ipsec", _("IPsec"),
             [ (None, "ah"), (None, "esp"), (500, "udp"), ],
             _("Internet Protocol Security (IPsec) incorporates security "
               "for network transmissions directly into the Internet Protocol "
               "(IP). IPsec provides methods for both encrypting data "
               "and authentication for the host or network it sends to. If you "
               "plan to use a vpnc server or FreeS/WAN, do not disable this "
               "option."),
             default=["desktop"]),
    _Service("ssh", _("SSH"),
             [ ("22", "tcp"), ],
             _("Secure Shell (SSH) is a protocol for logging into and "
               "executing commands on remote machines. It provides secure "
               "encrypted communications. If you plan on accessing your "
               "machine remotely via SSH over a firewalled interface, enable "
               "this option. You need the openssh-server package installed "
               "for this option to be useful." ),
             default=["server"]),
#    _Service("telnet", _("Telnet"), [ ("23", "tcp"), ],
#             "Telnet is a protocol for logging into remote machines. It "
#             "is unencrypted, and provides little security from network "
#             "snooping attacks. Enabling telnet is not recommended. You need "
#             "the telnet-server package installed for this option to be "
#             "useful."),
    _Service("http", _("WWW (HTTP)"),
             [ ("80", "tcp"), ],
             _("HTTP is the protocol used to serve Web pages. If you plan to "
               "make your Web server publicly available, enable this option. "
               "This option is not required for viewing pages locally or "
               "developing Web pages.")),
    _Service("ftp", _("FTP"),
             [ ("21", "tcp"), ],
             _("FTP is a protocol used for remote file transfer. If you plan "
               "to make your FTP server publicly available, enable this "
               "option. You need the vsftpd package installed for this option "
               "to be useful."),
             modules=[ "nf_conntrack_ftp", ]),
    _Service("nfs", _("NFS4"),
             [ ("2049", "tcp"), ],
             _("The NFS4 protocol is used to share files via TCP networking. "
               "You will need to have the NFS tools installed "
               "and properly configure your NFS server for this option to be "
               "useful.")),
    _Service("https", _("Secure WWW (HTTPS)"),
             [ ("443", "tcp"), ],
             _("HTTPS is a modified HTTP used to serve Web pages when security "
               "is important. Examples are sites that require logins like "
               "stores or web mail. This option is not required for viewing "
               "pages locally or developing Web pages. You need the httpd "
               "package installed for this option to be useful.")),
    _Service("smtp", _("Mail (SMTP)"),
             [ ("25", "tcp"), ],
             _("This option allows incoming SMTP mail delivery. If you need "
               "to allow "
               "remote hosts to connect directly to your machine to deliver "
               "mail, enable this option. You do not need to enable this if "
               "you collect your mail from your ISP's server by POP3 or IMAP, "
               "or if you use a tool such as fetchmail. Note that an "
               "improperly configured SMTP server can allow remote machines "
               "to use your server to send spam.")),
    _Service("samba-client", _("Samba Client"),
             [ ("137", "udp"), ("138", "udp"), ],
             _("This option allows you to access Windows file and printer "
               "sharing networks. You need the samba-client "
               "package installed for this option to be useful."),
             modules=[ "nf_conntrack_netbios_ns", ],
             default=["desktop"]),
    _Service("samba", _("Samba"),
             [ ("137", "udp"), ("138", "udp"), ("139", "tcp"), ("445", "tcp"), ],
             _("This option allows you to access and participate in Windows "
               "file and printer sharing networks. You need the samba "
               "package installed for this option to be useful."),
             modules=[ "nf_conntrack_netbios_ns", ]),
    _Service("dns", _("DNS"),
             [ ("53", "tcp"), ("53", "udp"), ],
             _("The Domain Name System (DNS) is used to provide and request "
               "host and domain names. Enable this option, if you plan to "
               "provide a domain name service (e.g. with bind).")),
    _Service("imaps", _("IMAP over SSL"),
             [ ("993", "tcp"), ],
             _("The Internet Message Access Protocol over SSL (IMAPs) allows "
               "a local client to access email on a remote server in a secure "
               "way. If you plan to provide a IMAP over SSL service (e.g. with "
               "dovecot), enable this option.")),
    _Service("pop3s", _("POP-3 over SSL"),
             [ ("995", "tcp"), ],
             _("The Post Office Protocol version 3 (POP3) is a protocol to "
               "retrieve email from a remote server over a TCP/IP "
               "connection. Enable this option, if you plan to provide a POP3 "
               "service (e.g. with dovecot).")),
    _Service("radius", _("RADIUS"),
             [ ("1812", "udp"), ("1813", "udp"), ],
             _("The Remote Authentication Dial In User Service (RADIUS) is a "
               "protocol for user authentication over networks. It is mostly "
               "used for modem, DSL or wireless user authentication. If you "
               "plan to provide a RADIUS service (e.g. with freeradius), "
               "enable this option.")),
    _Service("openvpn", _("OpenVPN"),
             [ ("1194", "udp"), ],
             _("OpenVPN is a virtual private network (VPN) solution. It is "
               "used to create encrypted point-to-point tunnels between "
               "computers. If you plan to provide a VPN service, enable this "
               "option.")),
    _Service("tftp", _("TFTP"),
             [ ("69", "udp"), ],
             _("The Trivial File Transfer Protocol (TFTP) is a protocol used "
               "to transfer files to and from a remote machine in a simple "
               "way. It is normally used only for booting diskless "
               "workstations and also to transfer data in the Preboot "
               "eXecution Environment (PXE)."),
             modules=[ "nf_conntrack_tftp", ]),
    _Service("tftp-client", _("TFTP Client"),
             [ ],
             _("This option allows you to access Trivial File Transfer "
               "Protocol (TFTP) servers. You need the tftp "
               "package installed for this option to be useful."),
             modules=[ "nf_conntrack_tftp", ]),
    _Service("cluster-suite", _("Red Hat Cluster Suite"),
             [
               # corosync/openais
               (5404, "udp"), (5405, "udp"),
               # rgmanager pre F-12, RHEL-6
               #(41966, "tcp"), (41967, "tcp"), (41968, "tcp"), (41969, "tcp"),
               # ricci
               (11111, "tcp"),
               # dlm
               (21064, "tcp"),
               # cssd pre F-12, RHEL-6
               #(50006, "tcp"), (50008, "tcp"), (50009, "tcp"), (50007, "udp"),
             ],
             _("This option allows you to use the Red Hat Cluster Suite. "
               "Ports are opened for openais, ricci and dlm. You need the "
               "Red Hat Cluster Suite installed for this option to be "
               "useful.")),
    _Service("amanda-client", _("Amanda Backup Client"),
             [ (10080, "udp"), ],
             _("The Amanda backup client option allows you to connect to a "
               "Amanda backup and archiving server. 
You need the " "amanda-client package installed for this option to be " "useful."), modules=[ "nf_conntrack_amanda", ]), _Service("bacula-client", _("Bacula Client"), [ (9102, "tcp"), ], _("This option allows a Bacula server to connect to the local " "machine to schedule backups. You need the bacula-client " "package installed for this option to be useful.")), _Service("bacula", _("Bacula"), [ (9101, "tcp"), (9102, "tcp"), (9103, "tcp"), ], _("Bacula is a network backup solution. Enable this option, if " "you plan to provide Bacula backup, file and storage " "services.")), _Service("libvirt", _("Virtual Machine Management"), [ (16509, "tcp"), ], _("Enable this option if you want to allow remote virtual " "machine management with SASL authentication and encryption " "(digest-md5 passwords or GSSAPI/Kerberos). The libvirtd " "service is needed for this option to be useful.")), _Service("libvirt-tls", _("Virtual Machine Management (TLS)"), [ (16514, "tcp"), ], _("Enable this option if you want to allow remote virtual " "machine management with TLS encryption, x509 certificates " "and optional SASL authentication. The libvirtd service is " "needed for this option to be useful.")), ] def getByKey(key): for x in service_list: if x.key == key: return x return None def getByName(name): for x in service_list: if x.name == name: return x return None def getByPort(port, proto): for x in service_list: id = getPortID(port) name = getServiceName(port, proto) if (id, proto) in x.ports or (str(id), proto) in x.ports or \ (name, proto) in x.ports: return x return None PKƒU[$»à› › fw_selinux.pynuW+A„¶# # Copyright (C) 2007 Red Hat, Inc. # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. 
# # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # import os, os.path from fw_config import OLD_SE_CONFIG, SE_CONFIG ############################################################################## def read(): filename = None if os.path.exists(SE_CONFIG) and os.path.isfile(SE_CONFIG): filename = SE_CONFIG elif os.path.exists(OLD_SE_CONFIG) and os.path.isfile(OLD_SE_CONFIG): filename = OLD_SE_CONFIG try: fd = open(filename, 'r') except: return None argv = [ ] for line in fd.xreadlines(): if not line: break line = line.strip() if len(line) < 1 or line[0] == '#': continue p = line.split("=") if len(p) != 2: continue key = p[0].strip() value = p[1].strip() if key == "SELINUX": argv.append("--selinux=%s" % value) elif key == "SELINUXTYPE": argv.append("--selinuxtype=%s" % value) fd.close() return argv def write(conf, filename=SE_CONFIG): try: fd = open(filename, "w") except: return False fd.write("# This file controls the state of SELinux on the system.\n") fd.write("# SELINUX= can take one of these three values:\n") fd.write("#\tenforcing - SELinux security policy is enforced.\n") fd.write("#\tpermissive - SELinux prints warnings instead of enforcing.\n") fd.write("#\tdisabled - SELinux is fully disabled.\n") fd.write("SELINUX=%s\n" % conf.selinux) fd.write("# SELINUXTYPE= type of policy in use. 
Possible values are:\n") fd.write("#\ttargeted - Only targeted network daemons are protected.\n") fd.write("#\tstrict - Full SELinux protection.\n") if conf.selinuxtype: fd.write("SELINUXTYPE=%s\n" % conf.selinuxtype) else: fd.write("#SELINUXTYPE=\n") fd.close() return True def setenforce(value): val = 0 # permissive, disabled if value == "enforcing": val = 1 return os.system("/usr/sbin/setenforce %d" % val) PKƒU[OO9P P fw_selinux.pycnuW+A„¶Ñò íðeTc@sPddkZddkZddklZlZd„Zed„Zd„ZdS(iÿÿÿÿN(t OLD_SE_CONFIGt SE_CONFIGcCsd}tiitƒotiitƒo t}n1tiitƒotiitƒo t}nyt|dƒ}WndSXg}xä|iƒD]Ö}|pPn|i ƒ}t |ƒdjp|ddjoq—n|i dƒ}t |ƒdjoq—n|di ƒ}|di ƒ}|djo|i d|ƒq—|d jo|i d |ƒq—q—W|i ƒ|S( Ntriit#t=itSELINUXs --selinux=%st SELINUXTYPEs--selinuxtype=%s(tNonetostpathtexistsRtisfileRtopent xreadlineststriptlentsplittappendtclose(tfilenametfdtargvtlinetptkeytvalue((s//usr/share/system-config-firewall/fw_selinux.pytreads8& &   $   cCs×yt|dƒ}WntSX|idƒ|idƒ|idƒ|idƒ|idƒ|id|iƒ|idƒ|id ƒ|id ƒ|io|id |iƒn|id ƒ|iƒtS( Ntws9# This file controls the state of SELinux on the system. s/# SELINUX= can take one of these three values: s3# enforcing - SELinux security policy is enforced. s=# permissive - SELinux prints warnings instead of enforcing. s(# disabled - SELinux is fully disabled. s SELINUX=%s s;# SELINUXTYPE= type of policy in use. Possible values are: s:# targeted - Only targeted network daemons are protected. s$# strict - Full SELinux protection. sSELINUXTYPE=%s s#SELINUXTYPE= (R tFalsetwritetselinuxt selinuxtypeRtTrue(tconfRR((s//usr/share/system-config-firewall/fw_selinux.pyR7s$           cCs.d}|djo d}ntid|ƒS(Nit enforcingis/usr/sbin/setenforce %d(Rtsystem(Rtval((s//usr/share/system-config-firewall/fw_selinux.pyt setenforceLs  (Rtos.patht fw_configRRRRR%(((s//usr/share/system-config-firewall/fw_selinux.pyts  PKƒU[<¼rXvvetc_services.pynuW+A„¶# # Copyright (C) 2007 Red Hat, Inc. 
# Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # ETC_SERVICES = "/etc/services" def isNumber(string): try: i = int(string) except ValueError: return 0 else: return 1 class _Service: def __init__(self): self.clear() def clear(self): self.p_id = 0 self.p_protocol = "" self.p_name = "" self.p_description = "" self.p_aliases = [ ] def setID(self, id): self.p_id = id def getId(self): return self.p_id def setProtocol(self, protocol): self.p_protocol = protocol def getProtocol(self): return self.p_protocol def setName(self, name): self.p_name = name def getName(self): return self.p_name def setDescription(self, description): self.p_description = description def getDescription(self): return self.p_description def setAliases(self, aliases): self.p_aliases = aliases def getAliases(self): return self.p_aliases def __str__(self): s = "%s\t%d/%s" % (self.getName(), self.getId(), self.getProtocol()) if len(self.getAliases()) > 0: s += "\t%s" % " ".join(self.getAliases()) if self.getDescription() != "": s += "\t# %s" % self.getDescription() return s __repr__ = __str__ class _Services(list): def __init__(self): list.__init__(self) self.load() def load(self): try: fd = open(ETC_SERVICES, "r") except Exception, msg: print msg return for line in fd.xreadlines(): if not line: break if len(line) < 1 or line[0] == '#': continue line = line.strip() # remove all after '#' p = line.split("#") if len(p) < 1: continue 
line = p[0] if len(p) > 1: description = p[1].strip() else: description = None # remove empty lines if len(line) < 1: continue # remove entries without service name and port/protocol p = line.split() if len(p) < 2: continue # new service service = _Service() # set name and description service.setName(p[0]) if description != None: service.setDescription(description) # port and protocol? p2 = p[1].split("/") if len(p2) < 2: continue # convert to port id try: id = int(p2[0]) except ValueError: continue else: service.setID(id) # set protocol service.setProtocol(p2[1]) # append aliases service.setAliases(p[2:]) # append service self.append(service) fd.close() services = _Services() PKƒU[@D+Ô< < fw_icmp.pyonuW+A„¶PKƒU[éuÃï w fw_functions.pycnuW+A„¶PKƒU[¢Eâ¹(>(>Tfw_iptables.pyonuW+A„¶PKƒU[OO9P P »Sfw_selinux.pyonuW+A„¶PKƒU[&_98ú&ú&I]fw_services.pycnuW+A„¶PKƒU[Æ BB ‚„fw_parser.pycnuW+A„¶PKƒU[?Ûy"¶¶ÚÆetc_services.pycnuW+A„¶PKƒU[Æ BB ÐØfw_parser.pyonuW+A„¶PKƒU[½ê ð——(fw_sysconfig.pyonuW+A„¶PKƒU[Çú²½ ½ ÿ/fw_config.pycnuW+A„¶PKƒU[©@é@  ù9fw_functions.pynuW+A„¶PKƒU[®ÐNöÕ Õ (>ÿfw_iptables.pycnuW+A„¶PKƒU[·5D5ÀÀ g=fw_nm.pyonuW+A„¶PKƒU[Çú²½ ½ `Efw_config.pyonuW+A„¶PKƒU[ë$En““ ZOfw_sysctl.pycnuW+A„¶PKƒU[·5D5ÀÀ *`fw_nm.pycnuW+A„¶PKƒU[d¦B3ÒÒ#hconvert-confignuW+A„¶PKƒU[gpô"0"03ofw_services.pynuW+A„¶PKƒU[$»à› › “Ÿfw_selinux.pynuW+A„¶PKƒU[OO9P P kªfw_selinux.pycnuW+A„¶PKƒU[<¼rXvvù³etc_services.pynuW+A„¶PK(( ®Â