2 # Chris Lumens <clumens@redhat.com>
4 # Copyright 2005, 2006, 2007 Red Hat, Inc.
6 # This copyrighted material is made available to anyone wishing to use, modify,
7 # copy, or redistribute it subject to the terms and conditions of the GNU
8 # General Public License v.2. This program is distributed in the hope that it
9 # will be useful, but WITHOUT ANY WARRANTY expressed or implied, including the
10 # implied warranties of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
11 # See the GNU General Public License for more details.
13 # You should have received a copy of the GNU General Public License along with
14 # this program; if not, write to the Free Software Foundation, Inc., 51
15 # Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. Any Red Hat
16 # trademarks that are incorporated in the source code or documentation are not
17 # subject to the GNU General Public License and may only be used or replicated
18 # with the express permission of Red Hat, Inc.
20 from pykickstart.base import *
21 from pykickstart.errors import *
22 from pykickstart.options import *
25 _ = lambda x: gettext.ldgettext("pykickstart", x)
27 class FC3_Firewall(KickstartCommand):
28 removedKeywords = KickstartCommand.removedKeywords
29 removedAttrs = KickstartCommand.removedAttrs
31 def __init__(self, writePriority=0, *args, **kwargs):
32 KickstartCommand.__init__(self, writePriority, *args, **kwargs)
33 self.op = self._getParser()
35 self.enabled = kwargs.get("enabled", None)
36 self.ports = kwargs.get("ports", [])
37 self.trusts = kwargs.get("trusts", [])
43 retval = KickstartCommand.__str__(self)
45 if self.enabled is None:
49 # It's possible we have words in the ports list instead of
50 # port:proto (s-c-kickstart may do this). So, filter those
51 # out into their own list leaving what we expect.
52 for port in self.ports:
54 extra.append(" --ssh")
55 elif port == "telnet":
56 extra.append(" --telnet")
58 extra.append(" --smtp")
60 extra.append(" --http")
62 extra.append(" --ftp")
64 filteredPorts.append(port)
66 # All the port:proto strings go into a comma-separated list.
67 portstr = ",".join(filteredPorts)
69 portstr = " --port=" + portstr
73 extrastr = "".join(extra)
74 truststr = ",".join(self.trusts)
77 truststr = " --trust=" + truststr
79 # The output port list consists only of port:proto for
80 # everything that we don't recognize, and special options for
82 retval += "# Firewall configuration\nfirewall --enabled%s%s%s\n" % (extrastr, portstr, truststr)
84 retval += "# Firewall configuration\nfirewall --disabled\n"
89 def firewall_port_cb (option, opt_str, value, parser):
90 for p in value.split(","):
94 parser.values.ensure_value(option.dest, []).append(p)
96 op = KSOptionParser(mapping={"ssh":["22:tcp"], "telnet":["23:tcp"],
97 "smtp":["25:tcp"], "http":["80:tcp", "443:tcp"],
100 op.add_option("--disable", "--disabled", dest="enabled",
101 action="store_false")
102 op.add_option("--enable", "--enabled", dest="enabled",
103 action="store_true", default=True)
104 op.add_option("--ftp", "--http", "--smtp", "--ssh", "--telnet",
105 dest="ports", action="map_extend")
106 op.add_option("--high", deprecated=1)
107 op.add_option("--medium", deprecated=1)
108 op.add_option("--port", dest="ports", action="callback",
109 callback=firewall_port_cb, nargs=1, type="string")
110 op.add_option("--trust", dest="trusts", action="append")
113 def parse(self, args):
114 (opts, extra) = self.op.parse_args(args=args, lineno=self.lineno)
117 mapping = {"command": "firewall", "options": extra}
118 raise KickstartValueError, formatErrorMsg(self.lineno, msg=_("Unexpected arguments to %(command)s command: %(options)s") % mapping)
120 self._setToSelf(self.op, opts)
123 class F9_Firewall(FC3_Firewall):
124 removedKeywords = FC3_Firewall.removedKeywords
125 removedAttrs = FC3_Firewall.removedAttrs
127 def _getParser(self):
128 op = FC3_Firewall._getParser(self)
129 op.remove_option("--high")
130 op.remove_option("--medium")
133 class F10_Firewall(F9_Firewall):
134 removedKeywords = F9_Firewall.removedKeywords
135 removedAttrs = F9_Firewall.removedAttrs
137 def __init__(self, writePriority=0, *args, **kwargs):
138 F9_Firewall.__init__(self, writePriority, *args, **kwargs)
139 self.services = kwargs.get("services", [])
142 if self.enabled is None:
145 retval = F9_Firewall.__str__(self)
147 retval = retval.strip()
149 svcstr = ",".join(self.services)
151 svcstr = " --service=" + svcstr
155 return retval + "%s\n" % svcstr
159 def _getParser(self):
160 def service_cb (option, opt_str, value, parser):
161 # python2.4 does not support action="append_const" that we were
162 # using for these options. Instead, we have to fake it by
163 # appending whatever the option string is to the service list.
165 parser.values.ensure_value(option.dest, []).append(opt_str[2:])
168 for p in value.split(","):
170 parser.values.ensure_value(option.dest, []).append(p)
172 op = F9_Firewall._getParser(self)
173 op.add_option("--service", dest="services", action="callback",
174 callback=service_cb, nargs=1, type="string")
175 op.add_option("--ftp", dest="services", action="callback",
177 op.add_option("--http", dest="services", action="callback",
179 op.add_option("--smtp", dest="services", action="callback",
181 op.add_option("--ssh", dest="services", action="callback",
183 op.add_option("--telnet", deprecated=1)
186 class F14_Firewall(F10_Firewall):
187 removedKeywords = F10_Firewall.removedKeywords + ["telnet"]
188 removedAttrs = F10_Firewall.removedAttrs + ["telnet"]
190 def _getParser(self):
191 op = F10_Firewall._getParser(self)
192 op.remove_option("--telnet")