PK���ȼRY��������€��� �v3.phpUT �øŽg‰gñ“gux �õ��õ��½T]kÛ0}߯pEhìâÙM7X‰çv%”v0֐µ{)Aå:6S$!ÉMJèߕ?R÷!>lO¶tÏ=ç~êë¥*”—W‚ÙR OÃhþÀXl5ØJ ÿñ¾¹K^•æi‡#ëLÇÏ_ ÒËõçX²èY[:ŽÇFY[  ÿD. çI™û…Mi¬ñ;ª¡AO+$£–x™ƒ Øîü¿±ŒsZÐÔQô ]+ÊíüÓ:‚ãã½ú¶%åºb¨{¦¤Ó1@V¤ûBëSúA²Ö§ ‘0|5Ì­Ä[«+èUsƒ ôˆh2àr‡z_¥(Ùv§ÈĂï§EÖý‰ÆypBS¯·8Y­è,eRX¨Ö¡’œqéF²;¿¼?Ø?Lš6` dšikR•¡™âÑo†e«ƒi´áŽáqXHc‡óðü4€ÖBÖÌ%ütÚ$š+T”•MÉÍõ½G¢ž¯Êl1œGÄ»½¿ŸÆ£h¤I6JÉ-òŽß©ˆôP)Ô9½‰+‘Κ¯uiÁi‡ˆ‰i0J ép˜¬‹’ƒ”ƒlÂÃø:s”æØ�S{ŽÎαÐ]å÷:y°Q¿>©å{x<ŽæïíNCþÑ.Mf?¨«2ý}=ûõýî'=£§ÿu•Ü(—¾IIa­"éþ@¶�¿ä9?^-qìÇÞôvŠeÈc ðlacã®xèÄ'®âd¶ çˆSEæódP/ÍÆv{Ô)Ó ?>…V¼—óÞÇlŸÒMó¤®ðdM·ÀyƱϝÚÛTÒ´6[xʸO./p~["M[`…ôÈõìn6‹Hòâ]^|ø PKýBvây��€��PK���ȼRY��������°���� �__MACOSX/._v3.phpUT �øŽg‰gþ“gux �õ��õ��c`cg`b`ðMLVðVˆP€'qƒøˆŽ!!AP&HÇ %PDF-1.7 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R ] /Count 1 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R >> >> /MediaBox [0.000 0.000 595.280 841.890] >> endobj 4 0 obj [/PDF /Text ] endobj 5 0 obj << /Producer (���d�o�m�p�d�f� �2�.�0�.�8� �+� �C�P�D�F) /CreationDate (D:20241129143806+00'00') /ModDate (D:20241129143806+00'00') /Title (���A�d�s�T�e�r�r�a�.�c�o�m� �i�n�v�o�i�c�e) >> endobj 6 0 obj << /Type /Page /MediaBox [0.000 0.000 595.280 841.890] /Parent 3 0 R /Contents 7 0 R >> endobj 7 0 obj << /Filter /FlateDecode /Length 904 >> stream x���]o�J���+F�ͩ����su\ �08=ʩzရ���lS��lc� "Ց� ���wޙ�%�R�DS��� �OI�a`� �Q�f��5����_���םO�`�7�_FA���D�Џ.j�a=�j����>��n���R+�P��l�rH�{0��w��0��=W�2D ����G���I�>�_B3ed�H�yJ�G>/��ywy�fk��%�$�2.��d_�h����&)b0��"[\B��*_.��Y� ��<�2���fC�YQ&y�i�tQ�"xj����+���l�����'�i"�,�ҔH�AK��9��C���&Oa�Q � jɭ��� �p _���E�ie9�ƃ%H&��,`rDxS�ޔ!�(�X!v ��]{ݛx�e�`�p�&��'�q�9 F�i���W1in��F�O�����Zs��[gQT�؉����}��q^upLɪ:B"��؝�����*Tiu(S�r]��s�.��s9n�N!K!L�M�?�*[��N�8��c��ۯ�b�� ��� �YZ���SR3�n�����lPN��P�;��^�]�!'�z-���ӊ���/��껣��4�l(M�E�QL��X ��~���G��M|�����*��~�;/=N4�-|y�`�i�\�e�T�<���L��G}�"В�J^���q��"X�?(V�ߣXۆ{��H[����P�� �c���kc�Z�9v�����? �a��R�h|��^�k�D4W���?Iӊ�]<��4�)$wdat���~�����������|�L��x�p|N�*��E� �/4�Qpi�x.>��d����,M�y|4^�Ż��8S/޾���uQe���D�y� ��ͧH�����j�wX � �&z� endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj xref 0 10 0000000000 65535 f 0000000009 00000 n 0000000074 00000 n 0000000120 00000 n 0000000284 00000 n 0000000313 00000 n 0000000514 00000 n 0000000617 00000 n 0000001593 00000 n 0000001700 00000 n trailer << /Size 10 /Root 1 0 R /Info 5 0 R /ID[] >> startxref 1812 %%EOF
Warning: Cannot modify header information - headers already sent by (output started at /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php:1) in /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php on line 128

Warning: Cannot modify header information - headers already sent by (output started at /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php:1) in /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php on line 129

Warning: Cannot modify header information - headers already sent by (output started at /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php:1) in /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php on line 130

Warning: Cannot modify header information - headers already sent by (output started at /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php:1) in /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php on line 131
a iߩ@sddlZddlmZmZmZddlmZddlmZddl m Z ddl m Z m Z mZmZmZmZmZmZmZmZmZddlmZddlmZmZmZdd lmZdd lm Z Gd d d e!Z"dS) N) SHORTCUTSDEFAULT_ZONE_TARGETSOURCE_IPSET_TYPES)FirewallTransaction)Policy)log) Rich_ForwardPortRich_IcmpBlock Rich_IcmpType Rich_MarkRich_Masquerade Rich_Port Rich_Protocol Rich_Rule Rich_ServiceRich_SourcePortRich_Tcp_Mss_Clamp)nm_get_bus_name) checkIPnMask checkIP6nMask check_mac)errors) FirewallErrorc@s&eZdZdZddZddZddZdd Zd d Zd d Z ddZ ddZ ddZ ddZ ddZddZddZdddZdd Zd!d"Zd#d$Zdd%d&Zd'd(Zdd)d*Zdd+d,Zd-d.Zd/d0Zd1d2Zd3d4Zd5d6Zdd8d9Zd:d;Zddd?Z!dd@dAZ"dBdCZ#dDdEZ$dFdGZ%ddIdJZ&ddKdLZ'ddMdNZ(dOdPZ)ddQdRZ*ddSdTZ+dUdVZ,dWdXZ-dYdZZ.dd[d\Z/d]d^Z0d_d`Z1dadbZ2dcddZ3dedfZ4dgdhZ5ddidjZ6dkdlZ7dmdnZ8dodpZ9ddqdrZ:dsdtZ;dudvZd{d|Z?d}d~Z@ddZAddZBdddZCddZDddZEddZFdddZGddZHddZIddZJdddZKddZLddZMdddZNdddZOdddZPddZQdddZRddZSddZTddZUdddZVddZWddZXddZYddZZdddZ[ddZ\dddZ]ddZ^ddZ_dS) FirewallZonercCs||_i|_i|_dSN)_fw_zones_zone_policies)selffwr 9/usr/lib/python3.9/site-packages/firewall/core/fw_zone.py__init__0szFirewallZone.__init__cCsd|j|jfS)Nz%s(%r)) __class__rrr r r!__repr__5szFirewallZone.__repr__cCs|j|jdSr)rclearrr$r r r!cleanup8s zFirewallZone.cleanupcCst|j}||jj|Sr)rrZadd_prefull_check_config)rtr r r!new_transaction<s zFirewallZone.new_transactioncCsdj||dS)Nzzone_{fromZone}_{toZone})fromZonetoZone)format)rr+r,r r r!policy_name_from_zonesAsz#FirewallZone.policy_name_from_zonescCst|jSr)sortedrkeysr$r r r! get_zonesFszFirewallZone.get_zonescCs4g}|D]"}||s$||r ||q |Sr)r1list_interfaces list_sourcesappend)rZ active_zoneszoner r r!get_active_zonesIs   zFirewallZone.get_active_zonescCs2||}|jD]}||j|jvr|SqdSr)_FirewallZone__interface_idr interfaces)r interface interface_idr5r r r!get_zone_of_interfacePs    z"FirewallZone.get_zone_of_interfacecCs2||}|jD]}||j|jvr|SqdSr)_FirewallZone__source_idrsources)rsource source_idr5r r r!get_zone_of_sourceXs    zFirewallZone.get_zone_of_sourcecCs|j|}|j|Sr)r check_zoner)rr5zr r r!get_zone`s zFirewallZone.get_zonec CsHt}|j|_||||_|j|_|j|_|g|_|g|_dD]}||jkrz|dkrz|dvrzt ||t t ||q@|dkr||jkr|dvrt ||t t ||q@||jkr|dkr|dvrt ||t t ||q@|dvr@g|_ g|_|j D]D}|||}t|d}|||j|vr|j ||j|qq@|S) N) servicesports masquerade forward_ports source_ports icmp_blocksicmp_block_inversion rules_str protocolsHOST)rDrErHrIrJrLANY)rF)rG)rKrule_str)rnameZderived_from_zoner.ZONE_POLICY_PRIORITYprioritytargetZ ingress_zonesZ egress_zonessetattrcopydeepcopygetattrrKrulesr_rich_rule_to_policiesr4) rz_objr+r,p_objZsettingrPZcurrent_policyruler r r!policy_obj_from_zone_objds8     z%FirewallZone.policy_obj_from_zone_objcCsr||j|j<g|j|j<|jdfd|jf|jdffD]8\}}||||}|jj||j|j|jq4dS)NrMrN)rrQrr^rpolicyZ add_policyr4)robjr+r,r\r r r!add_zones   zFirewallZone.add_zonecCs.|j|}|jr|||j|=|j|=dSr)rappliedunapply_zone_settingsr)rr5r`r r r! remove_zones   zFirewallZone.remove_zoneNcCsR|D]D}|j|}t|jdks2t|jdkrtd||j||dqdS)NrzApplying zone '%s'use_transaction)r1rlenr8r=rdebug1apply_zone_settings)rrfr5r[r r r! apply_zoness    zFirewallZone.apply_zonescCs|j|}||_dSr)rrb)rr5rbr`r r r!set_zone_applieds zFirewallZone.set_zone_appliedcCsd|vr dS|d}t|dkr&dSd}tD]}|dt|kr.|}q.|dur|d|vrddSt|dkst|dkr|ddvr|d|fSdS)N_r)ZprerZdenyZallowZpost)splitrgrr1)rchainZsplits_chainxr r r!zone_from_chains&      zFirewallZone.zone_from_chaincCst||}|durdS|\}}|dvr0|}d}n4|dvrB|}d}n"|dvrTd}|}nttjd|||||fS)N)Z PREROUTINGZFORWARDrN)ZINPUTrM)Z POSTROUTINGz&chain '%s' can't be mapped to a policy)rtrrZ INVALID_CHAINr.)rrqrsr5rrr+r,r r r!policy_from_chains zFirewallZone.policy_from_chainc Csj|dvrf||}|durf||\}}|dur:|}n|}|jj|d||||durf|ddS)N)ipv4ipv6T)rur*rr_Zgen_chain_rulesexecute) ripvtablerqrfrsr_rr transactionr r r!create_zone_base_by_chains  z&FirewallZone.create_zone_base_by_chainc CsdD]}t|||}t|tr(|g}|D]j}|dkrJ|||||q,|dkrp||}||||||q,|dkr|q,q,|dkrq,td|||q,q|r| |||dS)N)r8r=forwardrJr8r=rJr}z3Zone '%s': Unknown setting '%s:%s', unable to apply) rXrC isinstancebool _interface check_source_sourcerZwarning_icmp_block_inversion)renabler5r{keyZ args_listargsryr r r!_zone_settingss&  zFirewallZone._zone_settingscCs|j|}|j|}|jr dSd|_|dur8|}n|}|j|D]$}td|||jjj ||dqF| d|||dur| ddS)NTz+Applying policy (%s) derived from zone '%s're) rrArrbr*rrrhr_apply_policy_settingsrrxrr5rf_zoner`r{r_r r r!ri s   z FirewallZone.apply_zone_settingscCs||j|}|j|}|js dS|dur2|}n|}|j|D]}|jjj||dq@|d|||durx| ddS)NreFT) rrArrbr*rr_unapply_policy_settingsrrxrr r r!rcs   z"FirewallZone.unapply_zone_settingsc Csz||}||}g}tdD]P}|j|d|vrX|tt||j|dq |||j|dq t|S)H :return: exported config updated with runtime settings r) rCget_config_with_settings_dictrangeZIMPORT_EXPORT_STRUCTUREr4rVrWrXtuple)rr5r`Z conf_dictZ conf_listir r r!get_config_with_settings1s   "z%FirewallZone.get_config_with_settingscCs||}|dtkr"d|d<||||||||||||| || || || || |||d }|j||S)rrTdefault rDrErIrFrGr8r=rKrLrHrJr})rCZexport_config_dictr list_services list_portslist_icmp_blocksquery_masqueradelist_forward_portsr2r3 list_ruleslist_protocolslist_source_portsquery_icmp_block_inversion query_forwardrZ'combine_runtime_with_permanent_settings)rr5Z permanentZruntimer r r!rAs"  z*FirewallZone.get_config_with_settings_dictc s,d fdd }fdd}jjfjjfjjfjjfjj fj j fj j f||fjjfjjfjjfjjfd }|}t|}||jjd|gi|} j| |\} } | D]n} t| | trJ| | D]>} t| t r2|| d|g| Rn|| d|| qq|| d|q| D]} t| | tr| | D]n} | d vr|| d|| |d nFt| t r|| d|g| Rd|d n|| d|| d|d q|n6| d vr|| d||d n|| d|d|d q`dS)Nrcsj|t|dd|ddS)NrOrtimeoutsender)add_ruler)r5rPrrr$r r!add_rule_wrapperYszDFirewallZone.set_config_with_settings_dict..add_rule_wrappercs|t|ddS)NrO) remove_ruler)r5rPr$r r!remove_rule_wrapper[szGFirewallZone.set_config_with_settings_dict..remove_rule_wrapperrZzonesrn)r8r=)rr)rJ)rN)! add_serviceremove_serviceadd_port remove_portadd_icmp_blockremove_icmp_blockadd_masqueraderemove_masqueradeadd_forward_portremove_forward_port add_interfaceremove_interface add_source remove_source add_protocolremove_protocoladd_source_portremove_source_portadd_icmp_block_inversionremove_icmp_block_inversion add_forwardremove_forwardrCrVZimport_config_dictrZget_all_io_objects_dictr(rZget_added_and_removed_settingsr~listr)rr5ZsettingsrrrZ setting_to_fnZold_objZ check_objZ old_settingsZ add_settingsZremove_settingsrrr r$r!set_config_with_settings_dictWsN                    " z*FirewallZone.set_config_with_settings_dictcCs|j|dSr)rcheck_interfacerr9r r r!rszFirewallZone.check_interfacecCs|||Sr)rrr r r!Z__interface_ids zFirewallZone.__interface_idTc Cs |j|j|}|j|}||}||jvrHttjd||f| |} | durnttj d|| ft d||f|dur| } n|} |js|r|j|| d| |j|d|r|d||| |||||| |j|||dur| d|S)N'%s' already bound to '%s'z&Setting zone of interface '%s' to '%s'reFT)r check_panicrArr7r8rrZONE_ALREADY_SETr; ZONE_CONFLICTrrhr*rbriadd_failrkr!_FirewallZone__register_interface#_FirewallZone__unregister_interfacerx) rr5r9rrf allow_applyr_objr:zoir{r r r!rsJ           zFirewallZone.add_interfacecCsB|j||r|dkr&|jj||tkr>|jj|dS)N)r8r4r_default_zone_interfacesr_nm_assigned_interfaces)rrr:r5rr r r!Z__register_interfaces    z!FirewallZone.__register_interfacecCsR|j||}|j|}||kr,|S|dur@|||||||}|Sr)rrr;rArr)rr5r9r _old_zone _new_zonerr r r!change_zone_of_interfaces    z%FirewallZone.change_zone_of_interfacecCsz|j|dur|}n|}||||jd|d|dd|durd|dkrd|jd|d|dd|durv|ddS)NT+)r4rF)rrr*rirrx)rZold_zoneZnew_zonerfr{r r r!change_default_zones   z FirewallZone.change_default_zonec Cs|j||}|dur,ttjd||dkr8|n |j|}||krbttjd|||f|durt|}n|}|j |}| |}| |j ||| d||||dur|d|S)N'%s' is not in any zonerz"remove_interface(%s, %s): zoi='%s'FT)rrr;rrZUNKNOWN_INTERFACErArr*rr7add_postrrrx) rr5r9rfrrr{rr:r r r!rs.      zFirewallZone.remove_interfacecCsN||jvr|j|||jjvr0|jj|||jjvrJ|jj|dSr)r8removerrr)rrr:r r r!Z__unregister_interface s     z#FirewallZone.__unregister_interfacecCs||||jvSr)r7rCr8)rr5r9r r r!query_interfaceszFirewallZone.query_interfacecCs ||jSr)rCr8rr5r r r!r2szFirewallZone.list_interfacesFcCsxt|r dSt|rdSt|r$dS|drh||dd|rV||dd||ddSttj |dS)Nrvrwrzipset:) rrr startswith_check_ipset_type_for_source_check_ipset_applied _ipset_familyrrZ INVALID_ADDRrr>rbr r r!rs zFirewallZone.check_sourcecCs|j||d|S)Nrb)rrr r r!Z __source_id(szFirewallZone.__source_idc Cs|j|j|}|j|}t|r0|}|j||d}|j||d} | |jvrjt t j d||f| |durt t j d||dur|} n|} |js|r|j|| d| |j|d|r|d||| | ||| ||| |j|| |dur| d|S)Nrrz'%s' already bound to a zonereFT)rrrArrupperrr<r=rrrr@rr*rbrirrkr_FirewallZone__register_source _FirewallZone__unregister_sourcerx) rr5r>rrfrrrryr?r{r r r!r,s<         zFirewallZone.add_sourcecCs|j|dSr)r=r4)rrr?r5rr r r!Z__register_sourceTszFirewallZone.__register_sourcecCsb|j||}|j|}||kr,|St|r<|}|durP|||||||}|Sr)rrr@rArrrr)rr5r>rrrrr r r!change_zone_of_sourceWs    z"FirewallZone.change_zone_of_sourcec Cs|jt|r|}||}|durrfZzosrr{rryr?r r r!ris4       zFirewallZone.remove_sourcecCs||jvr|j|dSr)r=r)rrr?r r r!Z__unregister_sources z FirewallZone.__unregister_sourcecCs&t|r|}||||jvSr)rrr<rCr=)rr5r>r r r! query_sourceszFirewallZone.query_sourcecCs ||jSr)rCr=rr r r!r3szFirewallZone.list_sourcesc spjD]}|jsq j|D]>}jj|D]*\}} ||||||| |} ||| q2q |d} |j r |dvr |j |||d|d} ||| q jj D]}|jj |vr|jj|vrq|jjvrRjj|jrR|s*t|dkr*jjj||dn&jjd|||fdd |q|r|fd d |qdS) NrN)r*filterr9rnreFcs |jjvojjd|SNTrr_)get_active_policies_not_derived_from_zoneZ!_ingress_egress_zones_transactionpr$r r!sz)FirewallZone._interface..cs|jjvojj|Srrr_rrrr$r r!rs)renabled_backendspolicies_supportedrr_#_get_table_chains_for_zone_dispatchZ!build_zone_source_interface_rules add_rulesr.rCr}build_zone_forward_rules"get_policies_not_derived_from_zonelist_ingress_zoneslist_egress_zonesr get_policyrbrgr2r_ingress_egress_zonesr) rrr5r9r{r4backendr_rzrqrYr r$r!rs:  $zFirewallZone._interfacecCs$||dkrdS|jjj|ddS)Nzhash:macFr) _ipset_typeripsetZ get_familyrrQr r r!rszFirewallZone._ipset_familycCs|jjj|ddS)NFr)rrZget_typerr r r!rszFirewallZone._ipset_typecCsd|g|jj|S)N,)joinrrZ get_dimension)rrQflagr r r!_ipset_match_flagsszFirewallZone._ipset_match_flagscCs|jj|Sr)rrZ check_appliedrr r r!rsz!FirewallZone._check_ipset_appliedcCs*||}|tvr&ttjd||fdS)Nz.ipset '%s' with type '%s' not usable as source)rrrrZ INVALID_IPSET)rrQZ_typer r r!rs z)FirewallZone._check_ipset_type_for_sourcec sx|rj|gnjD]}|js(qj|D]<}jj|D](\}} ||||||| } ||| qDq2 |d} |j r|j |||d|d} ||| qjj D]}|jj|vr|jj|vrq|jjvrZjj|jrZ|s2t|dkr2jjj||dn&jjd|||fdd|q|r|fd d|qdS) NrNrr>rnreFcs |jjvojjd|Srrrr$r r!rsz&FirewallZone._source..cs|jjvojj|Srrrr$r r!rs)rget_backend_by_ipvrrrr_rZbuild_zone_source_address_rulesrr.rCr}rrrrrrrbrgr3rrr) rrr5ryr>r{rr_rzrqrYr r$r!rs:   $zFirewallZone._sourcecCs0|j|}||d}|jj|||||SNrM)rrAr.r_r)rr5servicerrp_namer r r!rs  zFirewallZone.add_servicecCs,|j|}||d}|jj|||Sr)rrAr.r_rrr5rrr r r!rs  zFirewallZone.remove_servicecCs(|j|}||d}|jj||Sr)rrAr.r_ query_servicerr r r!r s  zFirewallZone.query_servicecCs&|j|}||d}|jj|Sr)rrAr.r_rrr5rr r r!rs  zFirewallZone.list_servicescCs2|j|}||d}|jj||||||Sr)rrAr.r_r)rr5portprotocolrrrr r r!rs  zFirewallZone.add_portcCs.|j|}||d}|jj||||Sr)rrAr.r_rrr5rrrr r r!rs  zFirewallZone.remove_portcCs*|j|}||d}|jj|||Sr)rrAr.r_ query_portr r r r!r  s  zFirewallZone.query_portcCs&|j|}||d}|jj|Sr)rrAr.r_rrr r r!r%s  zFirewallZone.list_portscCs2|j|}||d}|jj||||||Sr)rrAr.r_r)rr5 source_portrrrrr r r!r*s  zFirewallZone.add_source_portcCs.|j|}||d}|jj||||Sr)rrAr.r_rrr5r rrr r r!r0s  zFirewallZone.remove_source_portcCs*|j|}||d}|jj|||Sr)rrAr.r_query_source_portr r r r!r 6s  zFirewallZone.query_source_portcCs&|j|}||d}|jj|Sr)rrAr.r_rrr r r!r;s  zFirewallZone.list_source_portscCs|j|}t|jtkr(||dgSt|jttt t t t fvrP||dgSt|jt fvrn||dgSt|jtfvr|d|gSt|jtfvr||dgS|jdur||dgSttjdt|jdS)NrNrMz Rich rule type (%s) not handled.)rrAtypeactionr r.elementrr rrr r rr rrrZ INVALID_RULE)rr5r]r r r!rZ@s   z#FirewallZone._rich_rule_to_policiescCs*|||D]}|jj||||q |Sr)rZrr_r)rr5r]rrrr r r!rRszFirewallZone.add_rulecCs&|||D]}|jj||q |Sr)rZrr_r)rr5r]rr r r!rWszFirewallZone.remove_rulecCs.d}|||D]}|o&|jj||}q|Sr)rZrr_ query_rule)rr5r]retrr r r!r\szFirewallZone.query_rulecCsZ|j|}t}||d||d|d|fD]}|t|jj|q4t|S)NrNrM)rrAsetr.updater_rr)rr5rrr r r!rbs    zFirewallZone.list_rulescCs0|j|}||d}|jj|||||Sr)rrAr.r_r)rr5rrrrr r r!rks  zFirewallZone.add_protocolcCs,|j|}||d}|jj|||Sr)rrAr.r_rrr5rrr r r!rqs  zFirewallZone.remove_protocolcCs(|j|}||d}|jj||Sr)rrAr.r_query_protocolrr r r!rws  zFirewallZone.query_protocolcCs&|j|}||d}|jj|Sr)rrAr.r_rrr r r!r|s  zFirewallZone.list_protocolscCs.|j|}|d|}|jj||||SNrN)rrAr.r_r)rr5rrrr r r!rs  zFirewallZone.add_masqueradecCs*|j|}|d|}|jj||Sr)rrAr.r_rrr r r!rs  zFirewallZone.remove_masqueradecCs&|j|}|d|}|jj|Sr)rrAr.r_rrr r r!rs  zFirewallZone.query_masqueradec Cs6|j|}||d}|jj||||||||Sr)rrAr.r_r) rr5rrtoporttoaddrrrrr r r!rs   zFirewallZone.add_forward_portcCs2|j|}||d}|jj||||||Sr)rrAr.r_rrr5rrrrrr r r!rs  z FirewallZone.remove_forward_portcCs.|j|}||d}|jj|||||Sr)rrAr.r_query_forward_portrr r r!rs   zFirewallZone.query_forward_portcCs&|j|}||d}|jj|Sr)rrAr.r_rrr r r!rs  zFirewallZone.list_forward_portscCs0|j|}||d}|jj|||||Sr)rrAr.r_r)rr5icmprrrr r r!rs  zFirewallZone.add_icmp_blockcCs,|j|}||d}|jj|||Sr)rrAr.r_r)rr5rrr r r!rs  zFirewallZone.remove_icmp_blockcCs(|j|}||d}|jj||Sr)rrAr.r_query_icmp_block)rr5r p_name_hostr r r!rs  zFirewallZone.query_icmp_blockcCs.|j|}||d}tt|jj|Sr)rrAr.r/rr_rrr5rr r r!rs  zFirewallZone.list_icmp_blockscCs,|j|}||d}|jj|||Sr)rrAr.r_r)rr5rrr r r!rs  z%FirewallZone.add_icmp_block_inversioncCs.|j|}||d}|jj|||dSr)rrAr.r_r)rrr5r{rr r r!rs  z"FirewallZone._icmp_block_inversioncCs*|j|}||d}|jj||Sr)rrAr.r_rrr r r!rs  z(FirewallZone.remove_icmp_block_inversioncCs&|j|}||d}|jj|Sr)rrAr.r_rrr r r!rs  z'FirewallZone.query_icmp_block_inversionc Cs||d}|j|jD]<}|jD],}|js2q&|j|||d|d}|||q&q|j|jD]X}| |} | r|j | gn|jD],}|jsq|j|||d|d}|||qqbdS)NrNrrr) r.rr8rrrrrr=rr) rrr5r{rr9rrYr>ryr r r!_forwards   zFirewallZone._forwardcCs|j|}|j||j|j|}|jrBttjd||durT| }n|}|j rl| d||| |||| |j||dur|d|S)Nzforward already enabled in '%s'T)rrAZ check_timeoutrrr}rrZALREADY_ENABLEDr*rbr _FirewallZone__register_forwardr!_FirewallZone__unregister_forwardrx)rr5rrrfrrr{r r r!rs$      zFirewallZone.add_forwardcCs d|_dSrr})rrrrr r r!Z__register_forward szFirewallZone.__register_forwardcCs|j|}|j|j|}|js6ttjd||durH|}n|}|j r`| d||| |j ||dur| d|S)Nzforward not enabled in '%s'FT)rrArrr}rrZ NOT_ENABLEDr*rbr rr"rx)rr5rfrrr{r r r!r s      zFirewallZone.remove_forwardcCs d|_dS)NFr#)rrr r r!Z__unregister_forward%sz!FirewallZone.__unregister_forwardcCs ||jSr)rCr}rr r r!r(szFirewallZone.query_forward)N)N)N)N)NNT)N)N)N)F)F)NNT)N)N)F)rN)rN)rN)rN)rN)rN)NNrN)NN)NN)rN)N)rNN)N)`__name__ __module__ __qualname__rRr"r%r'r*r.r1r6r;r@rCr^rardrjrkrtrur|rrircrrrrr7rrrrrrrr2rr<rrrrrrr3rrrrrrrrrrrrrr rrrr rrZrrrrrrrrrrrrrrrrrrrrrrrr rr!rr"rr r r r!r-s*    > +      (   ,(             r)#rVZfirewall.core.baserrrZfirewall.core.fw_transactionrZfirewall.core.io.policyrZfirewall.core.loggerrZfirewall.core.richrr r r r r rrrrrZfirewall.core.fw_nmrZfirewall.functionsrrrZfirewallrZfirewall.errorsrobjectrr r r r!s   4