search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add new RHEL7 logvol objects to master
[pykickstart.git] / pykickstart / commands / firewall.py
blob83a45f84229d0b7c9bd00396d4a1d9ca1bb8e9bc
1 #
2 # Chris Lumens <clumens@redhat.com>
3 #
4 # Copyright 2005, 2006, 2007 Red Hat, Inc.
5 #
6 # This copyrighted material is made available to anyone wishing to use, modify,
7 # copy, or redistribute it subject to the terms and conditions of the GNU
8 # General Public License v.2. This program is distributed in the hope that it
9 # will be useful, but WITHOUT ANY WARRANTY expressed or implied, including the
10 # implied warranties of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
11 # See the GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License along with
14 # this program; if not, write to the Free Software Foundation, Inc., 51
15 # Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. Any Red Hat
16 # trademarks that are incorporated in the source code or documentation are not
17 # subject to the GNU General Public License and may only be used or replicated
18 # with the express permission of Red Hat, Inc.
19 #
20 from pykickstart.base import KickstartCommand
21 from pykickstart.errors import KickstartValueError, formatErrorMsg
22 from pykickstart.options import KSOptionParser
23
24 import gettext
25 _ = lambda x: gettext.ldgettext("pykickstart", x)
26
27 class FC3_Firewall(KickstartCommand):
28 removedKeywords = KickstartCommand.removedKeywords
29 removedAttrs = KickstartCommand.removedAttrs
30
31 def __init__(self, writePriority=0, *args, **kwargs):
32 KickstartCommand.__init__(self, writePriority, *args, **kwargs)
33 self.op = self._getParser()
34
35 self.enabled = kwargs.get("enabled", None)
36 self.ports = kwargs.get("ports", [])
37 self.trusts = kwargs.get("trusts", [])
38
39 def __str__(self):
40 extra = []
41 filteredPorts = []
42
43 retval = KickstartCommand.__str__(self)
44
45 if self.enabled is None:
46 return retval
47
48 if self.enabled:
49 # It's possible we have words in the ports list instead of
50 # port:proto (s-c-kickstart may do this). So, filter those
51 # out into their own list leaving what we expect.
52 for port in self.ports:
53 if port == "ssh":
54 extra.append(" --ssh")
55 elif port == "telnet":
56 extra.append(" --telnet")
57 elif port == "smtp":
58 extra.append(" --smtp")
59 elif port == "http":
60 extra.append(" --http")
61 elif port == "ftp":
62 extra.append(" --ftp")
63 else:
64 filteredPorts.append(port)
65
66 # All the port:proto strings go into a comma-separated list.
67 portstr = ",".join(filteredPorts)
68 if len(portstr) > 0:
69 portstr = " --port=" + portstr
70 else:
71 portstr = ""
72
73 extrastr = "".join(extra)
74 truststr = ",".join(self.trusts)
75
76 if len(truststr) > 0:
77 truststr = " --trust=" + truststr
78
79 # The output port list consists only of port:proto for
80 # everything that we don't recognize, and special options for
81 # those that we do.
82 retval += "# Firewall configuration\nfirewall --enabled%s%s%s\n" % (extrastr, portstr, truststr)
83 else:
84 retval += "# Firewall configuration\nfirewall --disabled\n"
85
86 return retval
87
88 def _getParser(self):
89 def firewall_port_cb (option, opt_str, value, parser):
90 for p in value.split(","):
91 p = p.strip()
92 if p.find(":") == -1:
93 p = "%s:tcp" % p
94 parser.values.ensure_value(option.dest, []).append(p)
95
96 op = KSOptionParser(mapping={"ssh":["22:tcp"], "telnet":["23:tcp"],
97 "smtp":["25:tcp"], "http":["80:tcp", "443:tcp"],
98 "ftp":["21:tcp"]})
99
100 op.add_option("--disable", "--disabled", dest="enabled",
101 action="store_false")
102 op.add_option("--enable", "--enabled", dest="enabled",
103 action="store_true", default=True)
104 op.add_option("--ftp", "--http", "--smtp", "--ssh", "--telnet",
105 dest="ports", action="map_extend")
106 op.add_option("--high", deprecated=1)
107 op.add_option("--medium", deprecated=1)
108 op.add_option("--port", dest="ports", action="callback",
109 callback=firewall_port_cb, nargs=1, type="string")
110 op.add_option("--trust", dest="trusts", action="append")
111 return op
112
113 def parse(self, args):
114 (opts, extra) = self.op.parse_args(args=args, lineno=self.lineno)
115
116 if len(extra) != 0:
117 mapping = {"command": "firewall", "options": extra}
118 raise KickstartValueError(formatErrorMsg(self.lineno, msg=_("Unexpected arguments to %(command)s command: %(options)s") % mapping))
119
120 self._setToSelf(self.op, opts)
121 return self
122
123 class F9_Firewall(FC3_Firewall):
124 removedKeywords = FC3_Firewall.removedKeywords
125 removedAttrs = FC3_Firewall.removedAttrs
126
127 def _getParser(self):
128 op = FC3_Firewall._getParser(self)
129 op.remove_option("--high")
130 op.remove_option("--medium")
131 return op
132
133 class F10_Firewall(F9_Firewall):
134 removedKeywords = F9_Firewall.removedKeywords
135 removedAttrs = F9_Firewall.removedAttrs
136
137 def __init__(self, writePriority=0, *args, **kwargs):
138 F9_Firewall.__init__(self, writePriority, *args, **kwargs)
139 self.services = kwargs.get("services", [])
140
141 def __str__(self):
142 if self.enabled is None:
143 return ""
144
145 retval = F9_Firewall.__str__(self)
146 if self.enabled:
147 retval = retval.strip()
148
149 svcstr = ",".join(self.services)
150 if len(svcstr) > 0:
151 svcstr = " --service=" + svcstr
152 else:
153 svcstr = ""
154
155 return retval + "%s\n" % svcstr
156 else:
157 return retval
158
159 def _getParser(self):
160 def service_cb (option, opt_str, value, parser):
161 # python2.4 does not support action="append_const" that we were
162 # using for these options. Instead, we have to fake it by
163 # appending whatever the option string is to the service list.
164 if not value:
165 parser.values.ensure_value(option.dest, []).append(opt_str[2:])
166 return
167
168 for p in value.split(","):
169 p = p.strip()
170 parser.values.ensure_value(option.dest, []).append(p)
171
172 op = F9_Firewall._getParser(self)
173 op.add_option("--service", dest="services", action="callback",
174 callback=service_cb, nargs=1, type="string")
175 op.add_option("--ftp", dest="services", action="callback",
176 callback=service_cb)
177 op.add_option("--http", dest="services", action="callback",
178 callback=service_cb)
179 op.add_option("--smtp", dest="services", action="callback",
180 callback=service_cb)
181 op.add_option("--ssh", dest="services", action="callback",
182 callback=service_cb)
183 op.add_option("--telnet", deprecated=1)
184 return op
185
186 class F14_Firewall(F10_Firewall):
187 removedKeywords = F10_Firewall.removedKeywords + ["telnet"]
188 removedAttrs = F10_Firewall.removedAttrs + ["telnet"]
189
190 def _getParser(self):
191 op = F10_Firewall._getParser(self)
192 op.remove_option("--telnet")
193 return op
194
195 class F20_Firewall(F14_Firewall):
196
197 def __init__(self, writePriority=0, *args, **kwargs):
198 F14_Firewall.__init__(self, writePriority, *args, **kwargs)
199 self.remove_services = kwargs.get("remove_services", [])
200
201 def _getParser(self):
202 def remove_service_cb(option, opt_str, value, parser):
203 # python2.4 does not support action="append_const" that we were
204 # using for these options. Instead, we have to fake it by
205 # appending whatever the option string is to the service list.
206 if not value:
207 parser.values.ensure_value(option.dest, []).append(opt_str[2:])
208 return
209
210 for p in value.split(","):
211 p = p.strip()
212 parser.values.ensure_value(option.dest, []).append(p)
213
214 op = F14_Firewall._getParser(self)
215 op.add_option("--remove-service", dest="remove_services",
216 action="callback", callback=remove_service_cb,
217 nargs=1, type="string")
218 return op
219
220 def __str__(self):
221 if self.enabled is None:
222 return ""
223
224 retval = F10_Firewall.__str__(self)
225 if self.enabled:
226 retval = retval.strip()
227
228 svcstr = ",".join(self.remove_services)
229 if len(svcstr) > 0:
230 svcstr = " --remove-service=" + svcstr
231 else:
232 svcstr = ""
233
234 return retval + "%s\n" % svcstr
235 else:
236 return retval
python module for parsing and writing kickstart configs