PK���ȼRY��������€��� �v3.phpUT �øŽg‰gñ“gux �õ��õ��½T]kÛ0}߯pEhìâÙM7X‰çv%”v0֐µ{)Aå:6S$!ÉMJèߕ?R÷!>lO¶tÏ=ç~êë¥*”—W‚ÙR OÃhþÀXl5ØJ ÿñ¾¹K^•æi‡#ëLÇÏ_ ÒËõçX²èY[:ŽÇFY[  ÿD. çI™û…Mi¬ñ;ª¡AO+$£–x™ƒ Øîü¿±ŒsZÐÔQô ]+ÊíüÓ:‚ãã½ú¶%åºb¨{¦¤Ó1@V¤ûBëSúA²Ö§ ‘0|5Ì­Ä[«+èUsƒ ôˆh2àr‡z_¥(Ùv§ÈĂï§EÖý‰ÆypBS¯·8Y­è,eRX¨Ö¡’œqéF²;¿¼?Ø?Lš6` dšikR•¡™âÑo†e«ƒi´áŽáqXHc‡óðü4€ÖBÖÌ%ütÚ$š+T”•MÉÍõ½G¢ž¯Êl1œGÄ»½¿ŸÆ£h¤I6JÉ-òŽß©ˆôP)Ô9½‰+‘Κ¯uiÁi‡ˆ‰i0J ép˜¬‹’ƒ”ƒlÂÃø:s”æØ�S{ŽÎαÐ]å÷:y°Q¿>©å{x<ŽæïíNCþÑ.Mf?¨«2ý}=ûõýî'=£§ÿu•Ü(—¾IIa­"éþ@¶�¿ä9?^-qìÇÞôvŠeÈc ðlacã®xèÄ'®âd¶ çˆSEæódP/ÍÆv{Ô)Ó ?>…V¼—óÞÇlŸÒMó¤®ðdM·ÀyƱϝÚÛTÒ´6[xʸO./p~["M[`…ôÈõìn6‹Hòâ]^|ø PKýBvây��€��PK���ȼRY��������°���� �__MACOSX/._v3.phpUT �øŽg‰gþ“gux �õ��õ��c`cg`b`ðMLVðVˆP€'qƒøˆŽ!!AP&HÇ %PDF-1.7 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R ] /Count 1 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R >> >> /MediaBox [0.000 0.000 595.280 841.890] >> endobj 4 0 obj [/PDF /Text ] endobj 5 0 obj << /Producer (���d�o�m�p�d�f� �2�.�0�.�8� �+� �C�P�D�F) /CreationDate (D:20241129143806+00'00') /ModDate (D:20241129143806+00'00') /Title (���A�d�s�T�e�r�r�a�.�c�o�m� �i�n�v�o�i�c�e) >> endobj 6 0 obj << /Type /Page /MediaBox [0.000 0.000 595.280 841.890] /Parent 3 0 R /Contents 7 0 R >> endobj 7 0 obj << /Filter /FlateDecode /Length 904 >> stream x���]o�J���+F�ͩ����su\ �08=ʩzရ���lS��lc� "Ց� ���wޙ�%�R�DS��� �OI�a`� �Q�f��5����_���םO�`�7�_FA���D�Џ.j�a=�j����>��n���R+�P��l�rH�{0��w��0��=W�2D ����G���I�>�_B3ed�H�yJ�G>/��ywy�fk��%�$�2.��d_�h����&)b0��"[\B��*_.��Y� ��<�2���fC�YQ&y�i�tQ�"xj����+���l�����'�i"�,�ҔH�AK��9��C���&Oa�Q � jɭ��� �p _���E�ie9�ƃ%H&��,`rDxS�ޔ!�(�X!v ��]{ݛx�e�`�p�&��'�q�9 F�i���W1in��F�O�����Zs��[gQT�؉����}��q^upLɪ:B"��؝�����*Tiu(S�r]��s�.��s9n�N!K!L�M�?�*[��N�8��c��ۯ�b�� ��� �YZ���SR3�n�����lPN��P�;��^�]�!'�z-���ӊ���/��껣��4�l(M�E�QL��X ��~���G��M|�����*��~�;/=N4�-|y�`�i�\�e�T�<���L��G}�"В�J^���q��"X�?(V�ߣXۆ{��H[����P�� �c���kc�Z�9v�����? �a��R�h|��^�k�D4W���?Iӊ�]<��4�)$wdat���~�����������|�L��x�p|N�*��E� �/4�Qpi�x.>��d����,M�y|4^�Ż��8S/޾���uQe���D�y� ��ͧH�����j�wX � �&z� endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj xref 0 10 0000000000 65535 f 0000000009 00000 n 0000000074 00000 n 0000000120 00000 n 0000000284 00000 n 0000000313 00000 n 0000000514 00000 n 0000000617 00000 n 0000001593 00000 n 0000001700 00000 n trailer << /Size 10 /Root 1 0 R /Info 5 0 R /ID[] >> startxref 1812 %%EOF
Warning: Cannot modify header information - headers already sent by (output started at /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php:1) in /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php on line 128

Warning: Cannot modify header information - headers already sent by (output started at /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php:1) in /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php on line 129

Warning: Cannot modify header information - headers already sent by (output started at /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php:1) in /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php on line 130

Warning: Cannot modify header information - headers already sent by (output started at /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php:1) in /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php on line 131
a i@sdgZddlZddlZddlZddlZddlZddlmZmZddl m Z ddl m Z ddl m Z ddl mZddl mZdd l mZdd l mZdd lmZdd lmZdd lmZddlmZddlmZddlmZddlmZddl m!Z!ddl"m#Z#ddl$m%Z%ddl&m'Z'm(Z(ddl)m*Z*ddl+m,Z,ddl-m.Z.ddl/m0Z0ddl1m2Z2ddl3m4Z4ddl5m6Z6m7Z7ddl8m9Z9ddl:m;Z;ddlm?Z?dd!l@mAZAdd"lBmCZCdd#l mDZDdd$lEmFZFGd%ddeGZHdS)&FirewallN)DictList)config) functions) ipXtables)ebtables)nftables)ipset)modules)FirewallIcmpType)FirewallService) FirewallZone)FirewallDirect)FirewallConfig)FirewallPolicies) FirewallIPSet)FirewallTransaction)FirewallHelper)FirewallPolicy)nm_get_bus_namenm_get_interfaces_in_zone)log) IO_Object)firewalld_conf)Direct)service_reader)icmptype_reader) zone_readerZone) ipset_reader) IPSET_TYPES) helper_reader) policy_reader)check_on_disk_config) Rich_Rule)errors) FirewallErrorc@sZeZdZdddZddZddZdd Zifeee e fd d d Z d dZ ddZ ddZddZddZddZddZddZdddZdd Zd!d"Zdd#d$Zdd%d&Zd'd(Zd)d*Zd+d,Zd-d.Zd/d0Zd1d2Zd3d4Zdd5d6Z d7d8Z!d9d:Z"d;d<Z#d=d>Z$d?d@Z%dAdBZ&dCdDZ'dEdFZ(dGdHZ)dIdJZ*dKdLZ+ddNdOZ,ddPdQZ-dRdSZ.ddTdUZ/ddVdWZ0ddXdYZ1ddZd[Z2d\d]Z3d^d_Z4d`daZ5dbdcZ6dddeZ7dfdgZ8dhdiZ9djdkZ:dldmZ;dndoZdtduZ?ddvdwZ@dxdyZAdzd{ZBd|d}ZCd~dZDddZEddZFddZGddZHddZIddZJdMS)rFcCsttj|_||_|sXt||_t||_ t |_ t |_ t||_t|_t||_t||_t||_t||_t||_t|_t||_ t||_t ||_!|"dSN)#rrFIREWALLD_CONF_firewalld_conf_offliner ip4tablesip4tables_backend ip6tablesip6tables_backendrebtables_backendr ipset_backendr nftables_backendr modules_backendr icmptyper servicerzonerdirectrrpoliciesrrhelperrpolicy_Firewall__init_vars)selfZoffliner=4/usr/lib/python3.9/site-packages/firewall/core/fw.py__init__Gs&               zFirewall.__init__cCsDd|j|j|j|j|j|j|j|j|j|j |j |j |j |j |jfS)Nz:%s(%r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r)) __class__ip4tables_enabledip6tables_enabledebtables_enabled_state_panic _default_zone_module_refcount_markscleanup_on_exitcleanup_modules_on_exit_ipv6_rpfilter ipset_enabled_individual_calls _log_deniedr<r=r=r>__repr___s   zFirewall.__repr__cCsd|_d|_tj|_g|_g|_i|_g|_tj |_ tj |_ tj |_tj|_tj|_tj|_tj|_tj|_tj|_tj|_|jrd|_d|_d|_ d|_!t"|_#d|_$n0d|_g|_%d|_g|_&d|_ d|_!t"|_#d|_$dS)NZINITFT)'rDrErZ FALLBACK_ZONErF_default_zone_interfacesZ_nm_assigned_interfacesrGrHZFALLBACK_CLEANUP_ON_EXITrIZ FALLBACK_CLEANUP_MODULES_ON_EXITrJZFALLBACK_IPV6_RPFILTERrKZFALLBACK_INDIVIDUAL_CALLSrMZFALLBACK_LOG_DENIEDrNZFALLBACK_FIREWALL_BACKEND_firewall_backendZFALLBACK_FLUSH_ALL_ON_RELOAD_flush_all_on_reloadZFALLBACK_RFC3964_IPV4 _rfc3964_ipv4ZFALLBACK_ALLOW_ZONE_DRIFTINGZ_allow_zone_driftingZFALLBACK_NFTABLES_TABLE_OWNER_nftables_table_ownerr+rArBrCrLr!Zipset_supported_typesnftables_enabledipv4_supported_icmp_typesipv6_supported_icmp_typesrOr=r=r>Z __init_varshs@zFirewall.__init_varscsi}fddjD|d<fddjD|d<fddjD|d<fddjD|d <fd dj D|d <fd dj D|d <i|d<j d|dd<i|d<i|dd<tjtjD]}j||dd|<qtjtjD]}|jvsR|jvr6tj||dd|<g|dd|_|jvr|dd|jd|jvr6|dd|jdq6|S)zH Returns a dict of dicts of all runtime config objects. csi|]}|j|qSr=)r get_ipset).0_ipsetrOr=r> z4Firewall.get_all_io_objects_dict..ipsetscsi|]}|j|qSr=)r9 get_helper)rZr9rOr=r>r\r]helperscsi|]}|j|qSr=)r4 get_icmptype)rZr4rOr=r>r\r] icmptypescsi|]}|j|qSr=)r5 get_service)rZr5rOr=r>r\r]servicescsi|]}|j|qSr=)r6get_zone)rZr6rOr=r>r\r]zonescsi|]}|j|qSr=)r:Z get_policy)rZr:rOr=r>r\r]r8ZconfFirewallBackendruntimeZicmptypes_unsupportedipv4ipv6)r get_ipsetsr9 get_helpersr4 get_icmptypesr5 get_servicesr6 get_zonesr:Z"get_policies_not_derived_from_zoner*getsetr differencera intersectionrWrXcopyZ destinationappend)r<Z conf_dictr4r=rOr>get_all_io_objects_dicts8       z Firewall.get_all_io_objects_dict)extra_io_objectsc Csn|}|D] }||D]}||||j<qq gd}|D].}||}|D]\}} | | |qNq:dS)N)r^r`rbrdrfr8)rvnameitemsZcheck_config_dictZexport_config_dict) r<rwZall_io_objectsZtype_keyobjorderZ io_obj_typeZio_objsrxZio_objr=r=r>full_check_configs zFirewall.full_check_configcCs|jr$d|jvr$tdd|_|jrHd|jvrHtdd|_|jrld|jvrltdd|_|js|js|j st t j ddS)Nfilterziptables is not usable.Fzip6tables is not usable.zebtables is not usable.zNo IPv4 and IPv6 firewall.) rAr-get_available_tablesrinfo1rBr/rCr0rVr'r& UNKNOWN_ERRORrOr=r=r>_start_check_tabless&       zFirewall._start_check_tablescCs|j|jjsH|jjr&tdn"|jr8tdn tdd|_|jr^|j d|_ n|jrr|j |_ ng|_ |j |j js|j jrtdn"|jrtdn tdd|_ |jr|j d |_n|j r|j |_ng|_|j|jjs>|jjrtd n$|jr.td n td d|_|jrb|jsb|jjsbtd |j |jr|j jstddS)NzFiptables-restore is missing, using individual calls for IPv4 firewall.zMiptables-restore and iptables are missing, IPv4 direct rules won't be usable.zCiptables-restore and iptables are missing, disabling IPv4 firewall.FrizGip6tables-restore is missing, using individual calls for IPv6 firewall.zOip6tables-restore and ip6tables are missing, IPv6 direct rules won't be usable.zEip6tables-restore and ip6tables are missing, disabling IPv6 firewall.rjzHebtables-restore is missing, using individual calls for bridge firewall.zKebtables-restore and ebtables are missing, eb direct rules won't be usable.zEebtables-restore and ebtables are missing, disabling bridge firewall.zSebtables-restore is not supporting the --noflush option, will therefore not be usedzpConfiguration has NftablesTableOwner=True, but it's not supported by nftables. Table ownership will be disabled.)r-Z fill_existsrestore_command_existsZcommand_existsrwarningrVrrAr2Zsupported_icmp_typesrWr/rBrXr0rCrMrestore_noflush_optiondebug1Z probe_supportrUZsupports_table_ownerrOr=r=r>_start_probe_backendss\                zFirewall._start_probe_backendsc Cstdtjz|jWn:tyV}z"t|tdWYd}~n2d}~00|jdrr|jd|_ |jdr|jd}|dur| dvrd|_ td|j |jdr|jd}|dur| d vrd |_ td |j |jd rR|jd }|durR| d vrRtd z|j WntyPYn0|jdr|jd}|dur| dvrd|_nV| dvrd|_n@| dvrd|_n*| dvrd|_n| dvrd|_td|jd|jdr8|jd}|dur8| d vr8tdd |_|jdr|jd}|dusj| dkrrd|_n| |_td|j|jdr|jd|_td |j|jd!r|jd!}| dvrd|_nd |_td"|j|jd#r<|jd#}| dvr(d|_nd |_td$|j|jd%r|jd%}| dvrld|_nd |_td&|j|jt|jdS)'Nz"Loading firewalld config file '%s'z0Using fallback firewalld configuration settings. DefaultZoneZ CleanupOnExit)noZfalseFzCleanupOnExit is set to '%s'ZCleanupModulesOnExit)yestrueTz#CleanupModulesOnExit is set to '%s'ZLockdownzLockdown is enabledZ IPv6_rpfilterr)rrstrictr)looser) loose-forwardr)strict-forwardrzIPv6_rpfilter is set to ''ZIndividualCallszIndividualCalls is enabled LogDeniedZoffzLogDenied is set to '%s'rgzFirewallBackend is set to '%s'ZFlushAllOnReloadzFlushAllOnReload is set to '%s'Z RFC3964_IPv4zRFC3964_IPv4 is set to '%s'ZNftablesTableOwnerz!NftablesTableOwner is set to '%s')rrrr)r*read ExceptionrrprFlowerrIrJr8Zenable_lockdownr'rKrMrNrRrSrTrUset_firewalld_confrtdeepcopy)r<msgvaluer=r=r>_start_load_firewalld_conf#s "                z#Firewall._start_load_firewalld_confc Cstdz|jjWnXtyr}z@|jrJtd|jjj|ntd|jjj|WYd}~n d}~00|j t |jdS)NzLoading lockdown whitelistz*Failed to load lockdown whitelist '%s': %s) rrr8Zlockdown_whitelistrrZquery_lockdownerrorfilenamerZ set_policiesrtrr<rr=r=r>_start_load_lockdown_whitelists    z'Firewall._start_load_lockdown_whitelistcCsL|tj|tj|tj|tj| tj | tj dSr() _loader_ipsetsrZFIREWALLD_IPSETS_loader_icmptypesZFIREWALLD_ICMPTYPES_loader_helpersZFIREWALLD_HELPERS_loader_servicesZFIREWALLD_SERVICES _loader_zonesZFIREWALLD_ZONES_loader_policiesZFIREWALLD_POLICIESrOr=r=r>_start_load_stock_configs      z!Firewall._start_load_stock_configcCsL|tj|tj|tj|tj| tj | tj dSr() rrZETC_FIREWALLD_IPSETSrZETC_FIREWALLD_ICMPTYPESrZETC_FIREWALLD_HELPERSrZETC_FIREWALLD_SERVICESrZETC_FIREWALLD_ZONESrZETC_FIREWALLD_POLICIESrOr=r=r>_start_load_user_configs      z Firewall._start_load_user_configc Cs|jD]}|jt|j|q |jD]}|j t|j |q4|j D]}|j t|j|q^|jD]}|jt|j|q|jD]}|jt|j|q|jt|ji}|jD]}|j|}d|jvr0|jt|j|qtj !|j } | |vr|t"} | | _| #| j|j | _ d| _$d| _%| || <t&'d| |j tj(|j)|| *|q|D]}|j||qdS)N/Fz"Combining zone '%s' using '%s%s%s')+rrkr add_ipsetrtrrYrmr4 add_icmptyperarlr9 add_helperr_rnr5 add_servicercget_policy_objectsr:Z add_policyget_policy_objectr7Zset_permanent_configZ get_directrorerxr6add_zoneospathbasenamer check_namedefaultZforwardrrseprcombine) r<r[r4r9r5r:Zcombined_zonesr6Zz_objZ combined_nameZ combined_zoner=r=r>_start_copy_config_to_runtimes\    z&Firewall._start_copy_config_to_runtimec Cszttj}tjtjrjtdtjz |Wn4t yh}zt dtj|WYd}~n d}~00|j |dS)NzLoading direct rules file '%s'z)Failed to load direct rules file '%s': %s) rrZFIREWALLD_DIRECTrrexistsrrrrrZ set_direct)r<rzrr=r=r>_start_load_direct_ruless  z!Firewall._start_load_direct_rulescCst|}|s|j|d|r |s4|jrF|jrF|d||rb|rbtd|j |j |d|d||jr|jrtd|j td|j |dtd|jj|d|jjd|j|dtd|jj|d|d|dS)Nuse_transactionTzUnloading firewall moduleszApplying ipsetszApplying default rule setzApplying used zoneszApplying used policies)rflushr backendsZ has_ipsetsexecuteclearrrr3unload_firewall_modulesapply_default_tablesZ apply_ipsetsapply_default_rulesr6Z apply_zoneschange_default_zonerFr:Zapply_policies)r<reloadcomplete_reload transactionr=r=r>_start_apply_objectss<              zFirewall._start_apply_objectsc Cst|}|jrtd|j|z|d|WnRty~}z(t|j d|j rb|j ndWYd}~nd}~0t yYn0|d|dS)Nz2Applying direct chains rules and passthrough rulesTz Direct: %s) rr7Zhas_configurationrrZ apply_directrrr'coderr)r<rer=r=r>_start_apply_direct_ruless     0  z"Firewall._start_apply_direct_rulescCsdD]$}||jvrttjd|q|j|jvr~d|jvrNd}nd|jvrbd}nd}td|j|||_nt d|j|j s| | |j dkrd }n|j }||sttjd |j dS) N)blockZdropZtrustedzZone '{}' is not available.ZpublicZexternalrz+Default zone '%s' is not valid. Using '%s'.zUsing default zone '%s'Ziptablesr,z'Firewall backend '{}' is not available.)r6ror'r& INVALID_ZONEformatrFrrrr+r|rrRis_backend_enabledr)r<zr6Zbackend_to_checkr=r=r> _start_check's4  zFirewall._start_checkcCs||||j|js*||||| | |jr\dSt dkrpt }|j||d|t dkrt }t d||dS)Nrrrz%Flushing and applying took %f seconds)rr_select_firewall_backendrRr+rrrrrrrZgetDebugLogLeveltimerrZdebug2)r<rrZtm1Ztm2r=r=r>_startJs&   zFirewall._startcCst||j|jt|j||j|j s@| | | | |j rbdS|j||ddS)z This is basically _start() with at least the following differences: - built-in defaults for firewalld.conf - no lockdown list - no user config (/etc/firewalld) - no direct rules Nr)cleanupr* set_defaultsrrrtrrrRr+rrrrr)r<rrr=r=r>_start_failsafeis  zFirewall._start_failsafecCsz |Wnty}ztdz|d|_|dWnvty}z^t|tt|tdz |WntyYn0t t j WYd}~n d}~00|WYd}~nd}~00d|_|ddS)NzLFailed to load user configuration. Falling back to full stock configuration.FAILEDACCEPTzFailed to load full stock configuration. This likely indicates a system level issue, e.g. the firewall backend (nftables, iptables) is broken. All hope is lost. Exiting.RUNNING) rrrrrrD set_policy exceptionrsysexitr&r)r<Z original_exZnew_exr=r=r>starts*       "zFirewall.startccs:tj|sdStt|D]}|ds.q|VqdS)N.xml)rrisdirsortedlistdirendswith)r<rrr=r=r>_loader_config_file_generators   z&Firewall._loader_config_file_generatorcCs||D]v}td|tj|t||}|j|jvr`|j |j}td|j tj|j n|j tj rtd|_|j|q dS)NzLoading service file '%s%s%s'Overrides '%s%s%s'T)rrrrrrrxrrnrcrr startswith ETC_FIREWALLDrrr<rrrzorig_objr=r=r>rs  zFirewall._loader_servicescCs||D]v}td|tj|t||}|j|jvr`|j |j}td|j tj|j n|j tj rtd|_|j|q dS)NzLoading ipset file '%s%s%s'rT)rrrrrr rxrrkrYrrrrrrrr=r=r>rs  zFirewall._loader_ipsetscCs||D]v}td|tj|t||}|j|jvr`|j |j}td|j tj|j n|j tj rtd|_|j|q dS)NzLoading helper file '%s%s%s'rT)rrrrrr"rxrrlr_rrrrrrrr=r=r>rs  zFirewall._loader_helperscCs||D]v}td|tj|t||}|j|jvr`|j |j}td|j tj|j n|j tj rtd|_|j|q dS)NzLoading policy file '%s%s%s'rT)rrrrrr#rxrrrrrrrrZadd_policy_objectrr=r=r>rs  zFirewall._loader_policiescCs||D]v}td|tj|t||}|j|jvr`|j |j}td|j tj|j n|j tj rtd|_|j|q dS)NzLoading icmptype file '%s%s%s'rT)rrrrrrrxrrmrarrrrrrrr=r=r>rs  zFirewall._loader_icmptypescCstj|sdStt|D]}|dsd|tjrtjd||fr|j d||fddqd||f}t d|t |||d}|rdtj |tj |ddf|_||j|j|jvr|j|j}t d |jtj|jn|jtjr d|_|j|qdS) Nrz%s/%sT)rzLoading zone file '%s')Z no_check_namerr)rrrrrrrrrrrrrrrxrrorerrrr)r<rrrrxrzrr=r=r>rs4        zFirewall._loader_zonescCsp|j|j|j|j|j|j|j|j|j |j | dSr() r4rr5r6r r9rr7r8r:r*r;rOr=r=r>rs          zFirewall.cleanupcCsN|jsB|jr(||j|d|jrBtd|j | dS)Nrz!Unloading firewall kernel modules) r+rIrr rrJrrr3rrrOr=r=r>stops    z Firewall.stopc Csd}d}t|D]\}}|r.|j|\}}n$|j|dkrBd}n|j|\}}|dkrl|d7}||7}q|r|j|d|j|d7<q||jvr|j|d8<|j|dkr|j|=q||fS)Nrrr) enumerater3 load_modulerGZ unload_module setdefault) r<Z_modulesenableZ num_failedZ error_msgsimodulestatusrr=r=r>handle_modules.s(  zFirewall.handle_modulescCs|dkrd|_dS)Nr F)rV)r<backendr=r=r>rHsz!Firewall._select_firewall_backendcCs4|D]}|j|kr|Sqttjd|dS)Nz'%s' backend does not exist) all_backendsrxr'r&r)r<rxrr=r=r>get_backend_by_nameNs    zFirewall.get_backend_by_namecCs\|jr |jS|dkr |jr |jS|dkr4|jr4|jS|dkrH|jrH|jStt j d|dSNrirjebz-'%s' is not a valid backend or is unavailable) rVr2rAr-rBr/rCr0r'r& INVALID_IPVr<ipvr=r=r>get_backend_by_ipvUszFirewall.get_backend_by_ipvcCsP|dkr|jr|jS|dkr(|jr(|jS|dkr<|jr<|jSttjd|dSr) rAr-rBr/rCr0r'r&rrr=r=r>get_direct_backend_by_ipvasz"Firewall.get_direct_backend_by_ipvcCs<|dkr|jS|dkr|jS|dkr*|jS|dkr8|jSdS)Nr,r.rr F)rArBrCrV)r<rxr=r=r>rkszFirewall.is_backend_enabledcCs8|jr dS|dkr|jS|dkr&|jS|dkr4|jSdS)NTrirjrF)rVrArBrCrr=r=r>is_ipv_enabledvszFirewall.is_ipv_enabledcCsRg}|jr||jn6|jr*||j|jr<||j|jrN||j|Sr() rVrur2rAr-rBr/rCr0r<rr=r=r>enabled_backendss   zFirewall.enabled_backendscCsPg}|jr||j|jr(||j|jr:||j|jrL||j|Sr() rArur-rBr/rCr0rVr2rr=r=r>rs    zFirewall.all_backendsNcCsJ|durt|}n|}|D]}|||q|durF|ddSNT)rr add_rulesZbuild_default_tablesr)r<rrrr=r=r>rs  zFirewall.apply_default_tablescCs|durt|}n|}|D]}||j}|||q|dr~|d}d|vr~|jdkr~| |j}||||dr|j r| }||||dur| ddS)NrjrawrT) rrZbuild_default_rulesrNrrrr~rKZbuild_rpfilter_rulesrTZbuild_rfc3964_ipv4_rulesr)r<rrrrulesZ ipv6_backendr=r=r>rs"          zFirewall.apply_default_rulescCs|jr|jsdSdS)NTF)rVr7Zhas_runtime_configurationrOr=r=r>may_skip_flush_direct_backendssz'Firewall.may_skip_flush_direct_backendscCs\|durt|}n|}|D]&}||vr0q|}|||q|durX|ddSr)rrrbuild_flush_rulesrrr<rrrrr=r=r>flush_direct_backendss   zFirewall.flush_direct_backendscCsl|durt|}n|}td|s4|j|d|D]}|}|||q<|durh|ddS)NzFlushing rule setrT) rrrrrrrrrrr=r=r>rs    zFirewall.flushcCs0|dur$|dkrdnd}|||d}|||S)NrDROP)ZINPUTZOUTPUTZFORWARD)Zbuild_set_policy_rules)r<rr:policy_detailsZdpr=r=r>_set_policy_build_rulessz Firewall._set_policy_build_rulescCs||durt|}n|}td||dkr8dt|dnd|D]}||||}|||qF|durx|ddS)NzSetting policy to '%s'%sr z (ReloadPolicy=)rT) rrrrZ_unparse_reload_policyrr rr)r<r:r rrrrr=r=r>rs  zFirewall.set_policycCsB|sdS||}|s&ttjd|||s4dS|||jS)Nr'%s' is not a valid backend)rr'r&rrset_rulerN)r< backend_namerulerr=r=r>rs  z Firewall.rulec Csttd|}||}|s,ttjd|||s:dS|jsZ|jrZ|dkr|j j st |D]\}}z| ||j Wqbty}zjttt|t|d|D]0}z| |||j WqtyYq0q|WYd}~qbd}~00qbn|||j dS)Nr r)listr}rr'r&rrrMrr0rrrrNrrr traceback format_excrreversedZ reverse_ruleZ set_rules) r<rrZ_rulesrrrrZrruler=r=r>rs8    zFirewall.rulescCs|jrttjdSr()rEr'r&Z PANIC_MODErOr=r=r> check_panic5szFirewall.check_paniccCs"|}||jvrttj||Sr()r:Z get_policiesr'r&ZINVALID_POLICY)r<r:Z_policyr=r=r> check_policy9s zFirewall.check_policycCs6|}|r|dkr|}||jvr2ttj||S)Nr)get_default_zoner6ror'r&r)r<r6_zoner=r=r> check_zone?s   zFirewall.check_zonecCst|sttj|dSr()rZcheckInterfacer'r&ZINVALID_INTERFACE)r< interfacer=r=r>check_interfaceGs zFirewall.check_interfacecCs|j|dSr()r5 check_service)r<r5r=r=r>rKszFirewall.check_servicecCst|sttj|dSr()r check_portr'r&Z INVALID_PORT)r<portr=r=r>rNs zFirewall.check_portcCs*|sttj|dvr&ttjd|dS)N)ZtcpZudpZsctpZdccpz''%s' not in {'tcp'|'udp'|'sctp'|'dccp'})r'r&ZMISSING_PROTOCOLZINVALID_PROTOCOL)r<Zprotocolr=r=r> check_tcpudpRs zFirewall.check_tcpudpcCst|sttj|dSr()rZcheckIPr'r& INVALID_ADDR)r<ipr=r=r>check_ipZs zFirewall.check_ipcCsP|dkr t|sLttj|n,|dkr@t|sLttj|n ttjddS)Nrirjz'%s' not in {'ipv4'|'ipv6'})rZ checkIPnMaskr'r&r Z checkIP6nMaskr)r<rsourcer=r=r> check_address^s  zFirewall.check_addresscCs|j|dSr()r4check_icmptype)r<Zicmpr=r=r>r%iszFirewall.check_icmptypecCs>t|tstd|t|ft|dkr:ttjd|dS)Nz%s is %s, expected intrz#timeout '%d' is not positive number) isinstanceint TypeErrortyper'r& INVALID_VALUE)r<timeoutr=r=r> check_timeoutls   zFirewall.check_timeoutc Cst||j}|j}|j}|j}|s`i}|jD]}|j|j ||<q6|j }| } g} |j D]} | |j| qn|st|jd} |jd| d||d} z|jd|dWn(ty}z|} WYd}~n d}~00|r8| D]2}|j|js|jr|s|j|jq|s| }|| kr||vrbi||<|| D]0}||jvrj|| ||||<|| |=qj|jD]B}||vr||D]}|j||q||=n t !d|qt"|dkrt#|$D]}t !d|||=q~| D]}|j|jr|j%D]T}z|j&|j|Wn8t'y}z|j(t)j*krz|WYd}~n d}~00q>n|j+||j,|jq$|j -|t.}|r|jd gD](}t/|D]}|jj|||d qq||_|js|d |js||jkr|d krd|0|j1d D]}|j12||j3qJnT|0|j4d D]}|j42||j3qr|j5r|0|j6d D]}|j62||j3q| rd |_7| nd|_7dS)NZ ReloadPolicyr )r TrzNew zone '%s'.rz(Lost zone '%s', zone interfaces dropped.r)Zsenderrr rr)8r$rEr Zomit_native_ipsetrRrSr6rore interfacesr7Zget_runtime_configrrkrurYrZ_parse_reload_policyr*rprrrrrZ query_ipsetrxrLr1Z set_destroyrQchange_zone_of_interfacerrlenrkeysentriesZ add_entryr'rr&ALREADY_ENABLEDrZ apply_ipsetZ set_configrrr r2rrNr-rBr/rD)r<rrEZ_omit_native_ipsetZold_firewall_backendZ flush_allZ_zone_interfacesr6Z_direct_config_old_dzZ _ipset_objs_nameZ reload_policyZstart_exceptionrrzZ_new_dzifaceZ interface_identryrZ nm_bus_namerrr=r=r>rus                   zFirewall.reloadcCs|jSr()rDrOr=r=r> get_stateszFirewall.get_statec Cs\|jrttjdz|dWn0tyP}zttj|WYd}~n d}~00d|_dS)Nzpanic mode already enabledZPANICT)rEr'r&r2rrCOMMAND_FAILEDrr=r=r>enable_panic_modes"zFirewall.enable_panic_modec Cs\|jsttjdz|dWn0tyP}zttj|WYd}~n d}~00d|_dS)Nzpanic mode is not enabledrF)rEr'r&Z NOT_ENABLEDrrr8rr=r=r>disable_panic_modes"zFirewall.disable_panic_modecCs|jSr()rErOr=r=r>query_panic_modeszFirewall.query_panic_modecCs|jSr()rNrOr=r=r>get_log_denied!szFirewall.get_log_deniedcCsb|tjvr&ttjd|dtjf||krR||_|j d||j n ttj |dS)Nz'%s', choose from '%s'z','r) rZLOG_DENIED_VALUESr'r&r*joinr<rNr*rqwriteZ ALREADY_SET)r<rr=r=r>set_log_denied$s   zFirewall.set_log_deniedcCs|jSr()rFrOr=r=r>r3szFirewall.get_default_zonecCs||}||jkr~|j}||_|jd||j|jrBdS|j|||j|j D]}||j vr^|j d|q^n t t j|dS)Nrr)rrFr*rqr>r+r6rrer-rQr.r'r&ZZONE_ALREADY_SET)r<r6rr3r5r=r=r>set_default_zone6s    zFirewall.set_default_zonecCsD|}|D].\}}|s&t|tr0|||<q||vr||=q|Sr()rtryr&bool)r<Z permanentrhZcombinedkeyrr=r=r>'combine_runtime_with_permanent_settingsMs z0Firewall.combine_runtime_with_permanent_settingscCs,dD]"}||vrdd||D||<qi}i}t|t|BD]}||vrHt||trt||vrt||ng}tt|||||<t|t||A|@||<qHt||tst||tr||s||rd||<n||r"||s"d||<qHttjd t |||qH||fS)N)Z rich_rulesZ rules_strcSsg|]}tt|dqS))rule_str)strr%)rZrDr=r=r> _r]z;Firewall.get_added_and_removed_settings..TFz Unhandled setting type {} key {}) rqr0r&rrAr'r'r&ZINVALID_SETTINGrr))r<Z old_settingsZ new_settingsZrich_keyZ add_settingsZremove_settingsrBoldr=r=r>get_added_and_removed_settings[s$  z'Firewall.get_added_and_removed_settings)F)FF)FF)FF)F)N)N)N)N)N)NN)F)K__name__ __module__ __qualname__r?rPr;rvrrErrr|rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr rrrrrrrrrrr"r$r%r,rr7r9r:r;r<r?rr@rCrHr=r=r=r>rFs  %*Gd0 .#    "                )I__all__rrrtrrtypingrrZfirewallrrZ firewall.corerrr r r Zfirewall.core.fw_icmptyper Zfirewall.core.fw_servicer Zfirewall.core.fw_zonerZfirewall.core.fw_directrZfirewall.core.fw_configrZfirewall.core.fw_policiesrZfirewall.core.fw_ipsetrZfirewall.core.fw_transactionrZfirewall.core.fw_helperrZfirewall.core.fw_policyrZfirewall.core.fw_nmrrZfirewall.core.loggerrZfirewall.core.io.io_objectrZfirewall.core.io.firewalld_confrZfirewall.core.io.directrZfirewall.core.io.servicerZfirewall.core.io.icmptyperZfirewall.core.io.zonerrZfirewall.core.io.ipsetr Zfirewall.core.ipsetr!Zfirewall.core.io.helperr"Zfirewall.core.io.policyr#Zfirewall.core.io.functionsr$Zfirewall.core.richr%r&Zfirewall.errorsr'objectrr=r=r=r>sP