ACC SHELL

Path : /usr/share/YaST2/modules/
File Upload :
Current File : //usr/share/YaST2/modules/SuSEFirewall.ybc

YaST bytecode 1.4.0SuSEFirewallSuSEFirewall.ycpModeServiceNetworkInterfacesSuSEFirewallServicesPortAliasesReportMessageProgress	
PortRanges

PackageSystem	FileUtils	Directory
Stagesusefirewall_package	configuration_has_been_readspecial_all_interface_string	max_port_numberspecial_all_interface_zone	SETTINGS	modified
is_runningDEFAULT_SETTINGS		
verbose_levelknown_firewall_zones	
zone_names		int_zone_shortname	supported_protocols	service_defined_by	allowed_conflict_services		firewall_services	firewall_services_reverse	 SuSEFirewall_variables	!one_line_per_record	"broadcast_related_module	#WriteOneRecordPerLine	$SetModified%
ResetModified&GetKnownFirewallZones	'IsServiceSupportedInZone		(GetSpecialInterfacesInZone		)AddSpecialInterfaceIntoZone		*report_only_once	+ReportOnlyOnce	,IsAnyNetworkInterfaceSupported-GetListOfSuSEFirewallVariables	.IncreaseVerbosity/DecreaseVerbosity0	IsVerbose1GetDefaultValue		2ReadSysconfigSuSEFirewall	3ResetSysconfigSuSEFirewall	4WriteSysconfigSuSEFirewall	5IsSupportedProtocol	6IsKnownZone	7GetZoneConfigurationString		8GetConfigurationStringZone		9GetAllowedServicesForZoneProto			:SetAllowedServicesForZoneProto			;GetBroadcastConfiguration		<SetBroadcastConfiguration		=GetBroadcastAllowedPorts		>SetBroadcastAllowedPorts		?IsBroadcastAllowed		@RemoveAllowedBroadcast		AAddAllowedBroadcast		BRemoveServiceFromProtocolZone			CRemoveAllowedPortsOrServices			DAddAllowedPortsOrServices			E%RemoveServiceDefinedByPackageFromZone		F"AddServiceDefinedByPackageIntoZone		GRemoveServiceSupportFromZone		HAddServiceSupportIntoZone		Icheck_and_install_packageJSetInstallPackagesIfMissingKneeded_packages_installedLSuSEFirewallIsInstalledMfw_service_can_be_configuredNGetModifiedO
ResetReadFlagPGetZoneFullName		QSetProtectFromInternalZoneRGetProtectFromInternalZoneSSetSupportRouteTGetSupportRouteUSetTrustIPsecAs	VGetTrustIPsecAs	WGetStartServiceXSetStartServiceYGetEnableServiceZSetEnableService[
StartServices\StopServices]EnableServices^DisableServices_	IsEnabled`	IsStartedaExport	bImport	cIsInterfaceInZone		dGetZoneOfInterface		eGetZonesOfInterfaces		f'GetInterfacesInZoneSupportingAnyFeature		g+GetZonesOfInterfacesWithAnyFeatureSupported		hGetAllKnownInterfaces		iGetAllNonDialUpInterfaces	jGetAllDialUpInterfaces	kGetListOfKnownInterfaces	lRemoveInterfaceFromZone		mAddInterfaceIntoZone		nGetInterfacesInZone		oGetFirewallInterfaces	pInterfacesSupportedByAnyFeature		qArePortsOrServicesAllowed			rHaveService			s
AddService			t
RemoveService			u(IsServiceDefinedByPackageSupportedInZone		vGetServicesInZones			wGetServices			xSetServicesForZones		ySetServices		zReadDefaultConfiguration{ReadCurrentConfiguration|converted_to_services_dbp_file	}already_converted~"ConvertToServicesDefinedByPackagesFillUpEmptyConfigReadAnyRPCServiceInConfigurationActivateConfigurationWriteConfigurationCheckKernelModules	WriteOnlyWriteSaveAndRestartServiceGetAdditionalServices			SetAdditionalServices			IsOtherFirewallRunningGetFirewallInterfacesMap		RemoveSpecialInterfaceFromZone		
GetMasquerade
SetMasqueradeGetListOfForwardsIntoMasquerade		RemoveForwardIntoMasqueradeRuleAddForwardIntoMasqueradeRule						GetLoggingSettings		SetLoggingSettings		GetIgnoreLoggingBroadcast		SetIgnoreLoggingBroadcast		
AddXenSupportGetAcceptExpertRules		SetAcceptExpertRules		GetFirewallKernelModules	SetFirewallKernelModules	protocol_translations		GetProtocolTranslatedName		GetServicesAcceptRelated		SetServicesAcceptRelated		RemoveOldAllowedServiceFromZone		U-27$$%%&&''service	zone	((
zone	))	interface	zone	,,==>>	broadcast		JJ
new_statusLLNNOOPPzone	QQset_protectRRSS$	set_routeTT3UU>zone	VVXWWuXX
start_serviceYYZZenable_service[[\\]]^^__/``Laahbbqimport_settings	cc	interface	zone	dd	interface	ee
interfaces	ffzone	gg
interfaces	hhii$jj4kkDllU	interface	zone	mmi	interface	zone	nnzone	ooppzone	rrservice	protocol		interface	ssservice	protocol		interface	tt[service	protocol		interface	vv,services	ww]services	xx|services_ids	firewall_zones	
new_statusyyservices_ids	
interfaces	
new_status~~2
|		

#
;
protocol	zone	
protocol	zone	new_list_services	

	interface	zone	%.enableKpremove_item
source_net	
forward_to_ip	protocol	req_port	redirect_to_port	requested_ip	rule	rule	state	zone	zone	bcast	%Azone	Tzone	expert_rules	k~	k_modules	protocol	zone	zone	ruleset	3SCRReadWriteExecute0base3Modenormalinstallationautoinst	testsuite3ServiceStatus	Enable	Enabled	Disable	3NetworkInterfacesReadreport_every_checkGetValue			List		3SuSEFirewallServicesOLD_SERVICES		GetNeededTCPPorts		ServiceDefinedByPackage	 ReadServicesDefinedByRPMPackagesIsKnownService	GetSupportedServices		GetNeededUDPPorts		GetNeededRPCPorts		GetNeededIPProtocols		GetModifiedGetNeededPortsAndProtocols			3PortAliasesGetListOfServiceAliases		
GetPortNumber	3ReportError	3MessageCannotWriteSettingsTo		Finished	3ProgressNew					NextStageFinish3
PortRangesmax_port_numberIsPortRange	PortIsInPortranges		DividePortsAndPortRanges			RemovePortFromPortRanges		FlattenServices			3
PackageSystem	Installed	CheckAndInstallPackages	3	FileUtilsExists	3	Directoryvardir	3Stageinitial$"
SuSEfirewall2$($-any$2
$7EXT$:
$=$@$C
FW_ALLOW_FW_BROADCAST_DMZnoFW_ALLOW_FW_BROADCAST_EXTnoFW_ALLOW_FW_BROADCAST_INTnoFW_ALLOW_FW_TRACEROUTEyesFW_ALLOW_PING_FWyesFW_IGNORE_FW_BROADCAST_DMZnoFW_IGNORE_FW_BROADCAST_EXTyesFW_IGNORE_FW_BROADCAST_INTnoFW_IPSEC_TRUSTnoFW_LOG_ACCEPT_ALLnoFW_LOG_ACCEPT_CRITyesFW_LOG_DROP_ALLnoFW_LOG_DROP_CRITyes
FW_MASQUERADEnoFW_PROTECT_FROM_INTnoFW_ROUTEno$W$Z	INTDMZEXT$]EXT
External ZonebaseINT
Internal ZonebaseDMZDemilitarized Zonebase$gINT$j	TCPUDPRPCIP$m		tcp_ports	udp_ports	rpc_portsip_protocolsbroadcast_ports$p
$s	SuSEfirewall2_initSuSEfirewall2_setup$t	SuSEfirewall2_setupSuSEfirewall2_init$v 	)
FW_DEV_INT
FW_DEV_DMZ
FW_DEV_EXTFW_SERVICES_INT_TCPFW_SERVICES_INT_UDPFW_SERVICES_INT_RPCFW_SERVICES_INT_IPFW_SERVICES_DMZ_TCPFW_SERVICES_DMZ_UDPFW_SERVICES_DMZ_RPCFW_SERVICES_DMZ_IPFW_SERVICES_EXT_TCPFW_SERVICES_EXT_UDPFW_SERVICES_EXT_RPCFW_SERVICES_EXT_IPFW_PROTECT_FROM_INTFW_ROUTE
FW_MASQUERADEFW_FORWARD_MASQFW_FORWARD_ALWAYS_INOUT_DEVFW_ALLOW_FW_BROADCAST_EXTFW_ALLOW_FW_BROADCAST_INTFW_ALLOW_FW_BROADCAST_DMZFW_IGNORE_FW_BROADCAST_EXTFW_IGNORE_FW_BROADCAST_INTFW_IGNORE_FW_BROADCAST_DMZFW_SERVICES_ACCEPT_RELATED_EXTFW_SERVICES_ACCEPT_RELATED_INTFW_SERVICES_ACCEPT_RELATED_DMZFW_LOG_DROP_CRITFW_LOG_DROP_ALLFW_LOG_ACCEPT_CRITFW_LOG_ACCEPT_ALLFW_IPSEC_TRUSTFW_SERVICES_ACCEPT_EXTFW_SERVICES_ACCEPT_INTFW_SERVICES_ACCEPT_DMZFW_LOAD_MODULESFW_CONFIGURATIONS_EXTFW_CONFIGURATIONS_INTFW_CONFIGURATIONS_DMZ$!	FW_FORWARD_MASQFW_SERVICES_ACCEPT_EXTFW_SERVICES_ACCEPT_INTFW_SERVICES_ACCEPT_DMZ$"nf_conntrack_netbios_ns%#key_name	(&&--		contains!%$&%%,	
y2milestone	
%Reseting firewall-modified to 'false'&%&-$*	%+what_to_report	(		contains*4-4&*			add*-%,-		contains(%-- %.&+%
/&-%0-%"1variable	-#	%+2	variables	,,		foreachvariable	value	$-		SCR::Read	add	.sysconfig.SuSEfirewall2(/||&01(4		regexpmatch		
[ 	]*\\[ 	]*
44rules	$5			splitstring			\ 	
&6			filterone_rule	&&&9			mergestring			 (>		regexpmatch		
&?			mergestring						splitstring			
 (B		regexpmatch			&C			mergestring						splitstring				 'E%N3	variables	,O		foreachvariable	'Q1%]4	variables	write_statusvalue	$^$_,a		foreachvariable	&c	1(e#4e&f			mergestring						splitstring			 
&i
SCR::Write	add	.sysconfig.SuSEfirewall2(n!4n,o/etc/sysconfig/SuSEFirewall.p&t
SCR::Write.sysconfig.SuSEfirewall2(u!4u,v/etc/sysconfig/SuSEFirewall-y%5protocol	-		contains%6zone	is_zone$,		foreach
known_zone	&(4&.-%7zone	(64-		tolower		-%8zone_string	(6		toupper		4-		toupper		-%9zone	protocol	-			splitstring				+			+			+			FW_SERVICES__ %:allowed_services	zone	protocol	,$'+			+			+			FW_SERVICES__			mergestring					toset %;zone	-	+			FW_ALLOW_FW_BROADCAST_no%<zone	broadcast_configuration	,$'+			FW_ALLOW_FW_BROADCAST_%=
allowed_ports		$
,		foreachzone	&	broadcast	$;(no4'	(yes4'9UDP4'			splitstring			 '			filter	not_space				splitstring			 ,	
y2debug	
Allowed Broadcast Ports: %1-
%>,$,		foreachzone	&,<			mergestring					 %'?needed_ports	zone	allowed_ports_map		allowed_ports_divided		
is_allowed((size4(,)	
	y2warning	
%Unknown service with no needed ports!-*$.=$1
		(6&&ports			port_ranges			46-7&:$<,>		foreachneeded_port	(@&&!		containsports		!
port_ranges		4C&D.E-I%R@needed_ports	zone	
allowed_ports		list_ports_allowed	,S$$U=$V		,Y		foreachallow_this_port	aliases_of_port	$[&\			filterjust_allowed	!		contains'`,c>%kAneeded_ports	zone	(m!?4m
allowed_ports		list_ports_allowed	,n$$p=$q		,t		foreachallow_this_port	aliases_of_port	$v&w			filterjust_allowed	!		contains&{			add'},>%Bremove_service	protocol	zone	key	allowed	,$$+			+			+			FW_SERVICES__$			splitstring				 &			filtersingle_service	&&'			mergestring					toset -%Cremove_ports	protocol	zone	check_for_aliasesallowed_services		already_removedallowed_services_all	
(size4,	
	y2warning	
/Undefined list of %1 services/ports for service-,$$
9(4remove_ports_with_aliases	$	,		foreachremove_port	remove_these_ports	(
4&			add-$(4&&	union&&		toset$	,		foreachremove_port	'ports			filterallowed_port	ports		&&(port_ranges			4(!
4remove_port_nr$(!contains4&add'port_ranges
port_ranges		4(!contains4'port_ranges			filterone_port_range	port_ranges		&add$	unionports		port_ranges		&
,:%D	add_ports	protocol	zone	allowed_services	(size4,	
	y2warning	
/Undefined list of %1 services/ports for service-,$$9&	union&
,:%Eservice	zone	supported_services	(!64-(4,	
y2error	
Service Id can't be nil!-(		regexpmatch		^service:.*4&					regexpsub				
^service:(.*)\1$ 			splitstring				+			FW_CONFIGURATIONS_ &"			filterone_service	'%+			FW_CONFIGURATIONS_			mergestring			 ,'$%3Fservice	zone	supported_services	(4!644-5(848,9	
y2error	
Service Id can't be nil!-:(;		regexpmatch		^service:.*4;&<					regexpsub				
^service:(.*)\1$A			splitstring				+			FW_CONFIGURATIONS_ &C		toset			add'D+			FW_CONFIGURATIONS_			mergestring			 ,F$%PGservice	zone	needed		$Q(S4S,T	
y2error	
Undefined service '%1'-U(Y4Y(Z',[E-],`$,c		foreachkey	needed_ports	$d		(e	-e(g	tcp_ports4g,hCTCP(i	udp_ports4i,jCUDP(k	rpc_ports4k,lCRPC(mip_protocols4m,nCIP(obroadcast_ports4o,p@4q,r	
y2error	
Unknown key '%1'%~Hservice	zone	needed		$(4,	
y2error	
Undefined service '%1'-,$(4,F-('4,G,		foreachkey	needed_ports	$		(	-(	tcp_ports4,DTCP(	udp_ports4,DUDP(	rpc_ports4,DRPC(ip_protocols4,DIP(broadcast_ports4,A4,	
y2error	
Unknown key '%1'$I%J(4,	
y2error	
Wrong value: %1-&I(I4,	
y2milestone	
0SuSEfirewall2 packages will installed if missing4,	
y2milestone	
<SuSEfirewall2 packages will not be installed even if missing$K%L(K4(&&I4&K,	
y2milestone	
CheckAndInstallPackages -> %1K4&K,	
y2milestone	
Installed -> %1K(K4,	
y2milestone	
+SuSEfirewall2 is not installed, skipping...-K$M%N-||%O&%P-Unknown Zonebase	%Q,
$(4'FW_PROTECT_FROM_INTyes4'FW_PROTECT_FROM_INTno%R-	FW_PROTECT_FROM_INTnoyes%$S,%$('4''(FW_ROUTEyes4)'*FW_ROUTEno%3T-4	FW_ROUTEnoyes%>U,?$(Bno4B'CFW_IPSEC_TRUSTno4D(F64F&G7'HFW_IPSEC_TRUST4Jdefaultv	$K1FW_IPSEC_TRUST,L	
	y2warning	
2Trust IPsec as '%1' (unknown zone) changed to '%2''MFW_IPSEC_TRUST%XV(ZFW_IPSEC_TRUSTno4Z-[no(]FW_IPSEC_TRUSTyes4]-^INT4_zone	$`8	FW_IPSEC_TRUST(b64b-c4edefaultv	,f$$g1FW_IPSEC_TRUST,h	
	y2warning	
2Trust IPsec as '%1' (unknown zone) changed to '%2'	FW_IPSEC_TRUST,iU-jno%uW-vstart_firewall%X(!L4,	
	y2warning	
Cannot set SetStartService-(W4,$,	
y2milestone	
Setting start-firewall to %1'start_firewall4,	
y2milestone	
)start-firewall has been already set to %1'start_firewall%Y-enable_firewall%Z(!L4,	
	y2warning	
Cannot set SetEnableService-(Y4,$,	
y2milestone	
Setting enable-firewall to %1'enable_firewall4,	
y2milestone	
*enable-firewall has been already set to %1'enable_firewall%[all_oktmpdir_file	command	cmd$(!L-(-$		SCR::Read.target.tmpdir(||&/var/lib/YaST2&+			/SuSEfirewall2_YaST_output$		
sformat		
7/sbin/SuSEfirewall2 start 2>'%1'; cat '%1'; rm -rf '%1',	
y2milestone	
Starting firewall...$SCR::Execute.target.bash_output(exit4,	
y2error	
#Starting firewall: >%1< returned %2&4,	
y2milestone	
Started-%\all_oktmpdir_file	command	cmd$(!L-(-$		SCR::Read.target.tmpdir(||&/var/lib/YaST2&+			/SuSEfirewall2_YaST_output$		
sformat		
6/sbin/SuSEfirewall2 stop 2>'%1'; cat '%1'; rm -rf '%1',	
y2milestone	
Stopping firewall...$SCR::Execute.target.bash_output(exit4,	
y2error	
#Stopping firewall: >%1< returned %2&4,	
y2milestone	
Stopped-%]all_ok$(!L-,		foreachservice	,	
y2debug	
Enabling service: %1(!4&,			
sformat		
Cannot enable service '%1'.base-
%^all_ok$(!L-,		foreachservice	,	
y2debug	
Disabling service: %1(!4&, 		
sformat		
Cannot disable service '%1'.base-$%/_enabled$0(2!L-2,5		foreachservice	&6(8!48,9	
y2milestone	
"Firewall service %1 is not enabled.:(?4?,@	
y2milestone	
!Firewall init scripts are enabled-C%L`started$M(O!L-O,R		foreachservice	(S4S&T.U(Z4Z,[	
y2milestone	
Firewall services are started4\,]	
y2milestone	
Firewall services are stopped-`%ha-i%qb,r$&t%c
interfaces	$			splitstring				+			FW_DEV_ -		contains%dinterface_zone$	,		foreachzone	&(c&add(&&0size4,		
sformat		
Interface '%1' is included in multiple firewall zones.
Continuing with configuration can produce errors.

It is recommended to leave the configuration and repair it manually in
the file '/etc/sysconfig/SuSEFirewall'.base-	%ezones	zone	$	$,		foreach	interface	&d(&			add-		toset%gzones	zone	interfaces_covered_by_any	$	$$f,		foreach	interface	(		contains&&d(&			add-		toset%hknown_interfaces		dialup_interfaces	non_dialup_interfaces	$	$dialup(&	&			filter	one_iface	(||4,	
y2error	
Wrong interface definition '%1'--&			filter	interface	&&&&!		issubstring		lo!		issubstring		sit$(&	&			filter	one_iface	(||4,	
y2error	
Wrong interface definition '%1'--&			filter	interface	&&&&&&!		issubstring		lo!		issubstring		sit!		contains,		foreach	interface	&							addidtypedialupnameNAMEzoned,		foreach	interface	&						addidnameNAMEzoned-%$inon_dial_up_interfaces	$%	,&				foreach	interface		h('type	dial_up&(			addid	-+%4jdial_up_interfaces	$5	,6				foreach	interface		h(7type	dial_up&8			addid	-;%Dk
interfaces	$E	,Gforeach
interface_maph&H			add	id-K%Ulinterfaces_in_zone	,V$,X	
y2milestone	
'Removing interface '%1' from '%2' zone.$Z			splitstring				+			FW_DEV_ &[			filtersingle_interface	&&'^+			FW_DEV_			mergestring			 %imcurrent_zone	interfaces_in_zone		,j$$ld,n/)p&&4p(r4r,sl&ud,w.,y	
y2milestone	
%Adding interface '%1' into '%2' zone.$z			splitstring				+			FW_DEV_ &{		toset			add'|+			FW_DEV_			mergestring			 %ninterfaces_in_zone	known_interfaces_now	$			splitstring				+			FW_DEV_ $k&			filter	interface	&&		contains-%ofirewall_configured_devices	$	,		foreachzone	&&	unionn-		toset%presult	$	(&&,4known_interfaces_now	configured_interfaces	$k$o,		foreach
one_interface	(!		contains4,	
y2milestone	
<Interface '%1' supported by special string '%2' in zone '%3'&			add-%finterfaces_in_zone	interfaces_covered_by_any	$n$p(size4&	union-%rzones	ret(!54,	
y2error	
Unknown protocol: %1-$	(any4&&(64&			add4&d(4&			add(&&!R		contains4,	
y2milestone	
IChecking for service '%1', in '%2', PROTECT_FROM_INTERNAL='no' => allowed-$,		foreachzone	(q4&.-%ssuccesszones_affected	$,	
y2milestone	
$Adding service %1, protocol %2 to %3(!54, 	
y2error	
Unknown protocol: %1-!$$	('all4'&(&4+(-!64-&/d(141,3		
sformat		
WInterface '%1' is not assigned to any firewall zone.
Run YaST2 Firewall and assign it.
base,7	
	y2warning	
3Interface '%1' is not assigned to any firewall zone-8&;,>$,A		foreachzone	(C!q4C,DD4E,F	
y2milestone	
&Port %1 has been already allowed in %2-J%[tsuccesszones_affected	$\,]	
y2milestone	
(Removing service %1, protocol %2 from %3(_!54_,`	
y2error	
Unknown protocol: %1-a$d	(gall4g&h&4k(l!64l&nd(p4p,r		
sformat		
WInterface '%1' is not assigned to any firewall zone.
Run YaST2 Firewall and assign it.
base,v	
	y2warning	
3Interface '%1' is not assigned to any firewall zone-w&z,}$,		foreachzone	(q4,C4,	
y2milestone	
(Port %1 has been already removed from %2-%qneeded_ports	protocol	zone	check_for_aliasesare_allowed
allowed_ports		$(size4,	
	y2warning	
/Undefined list of %1 services/ports for service-$
(4&
94'ports9,		foreachneeded_port	(&&!		containsports		!
port_ranges		4&.-%uservice	zone	supported_services	(!64-(4,	
y2error	
Service Id can't be nil!-(		regexpmatch		^service:.*4&					regexpsub				
^service:(.*)\1$			splitstring				+			FW_CONFIGURATIONS_ -		contains%'needed		service_is_supported(!64-$(4,	
y2error	
Undefined service '%1'-(&&!R4,	
y2milestone	
IChecking for service '%1', in '%2', PROTECT_FROM_INTERNAL='no' => allowed-(4	supported$u-$,		foreachkey	needed_ports	$		(	-(	tcp_ports4&	qTCP(
	udp_ports4
&qUDP(	rpc_ports4&
qRPC(ip_protocols4&qIP(broadcast_ports4&?4,	
y2error	
Unknown key '%1'(.-%,vinterface_in_zone		services_status		$.
,0		foreach	interface	k	zone_used	$2d(4||44-5'7			add		$;
,>		foreachservice	'?
,A				foreachzone	
interfaces	status$B',D		foreach	interface	'E-J%]wservices_status		$_
,b		foreachservice	'c
,e		foreachzone	&'f'-j%|x(~size&~&,		foreach
service_id	,		foreach
firewall_zone	(!64,	
y2error	
/Zone '%1' is unknown firewall zone, skipping...-,$(4,	
y2milestone	
Adding '%1' into '%2' zone,H4,	
y2milestone	
Removing '%1' from '%2' zone,G%yfirewall_zones	$g(size4,	
y2error	
2Interfaces '%1' are not in any group if interfaces-,$-x%z&
,3-%{&
'enable_firewall_'start_firewall`,2-$|+			
)/yast2-firewall-already-converted-to-sdbp$}%&&'enable_firewall'start_firewall&M%
have_progress&(4,	
y2milestone	
2SuSEfirewall2 configuration has been read already.-M(4,	
	y2warning	
/Stage::initial -> firewall can't be configured.,-(!L4,	
	y2warning	
APackage not installed, disabling SuSEfirewall2-related functions.,-&	M$	(	4	read_caption	$
	#Initializing Firewall Configurationbase,		 Check for network devicesbaseRead current configurationbase#Check possibly conflicting servicesbase.Read dynamic definitions of installed servicesbaseChecking for network devices...base Reading current configuration...base)Checking possibly conflicting services...base4Reading dynamic definitions of installed services...base,%		,)	(+	||4+	make_parser_happy$/	(2	,2		(6	46	,7	z49	,:	{(=	,=		,D		
y2milestone	
)Firewall configuration has been read: %1.&F	(H	,H		,J	(L	,L		,P	~(R	,R		-T	%^	ret$_	,a			foreachfw_zone	&fw_rule	listed_services	
services_list	$b			
sformat		
FW_SERVICES_%1_RPC$c		1(e	||-e	$h				splitstring			 
	&i				filterservice	(l		size	4l	&m	.n	,r		
y2milestone	
Some RPC service found: %1-s	%|	(~	!L-~	(	W4	(	!`4	,		
y2milestone	
Starting firewall services-	[4	(	||N4	,		
y2milestone	
Stopping firewall services,	\,		
y2milestone	
Starting firewall services-	[4	,		
y2milestone	
;Configuration hasn't modified, skipping restarting services-	4	(	`4	,		
y2milestone	
Stopping firewall services-	\4	,		
y2milestone	
!Firewall has been stopped already-	%	
have_progress
(	!L-	$	(	4	
write_caption	$	Writing Firewall Configurationbase,		 Write firewall settingsbaseAdjust firewall servicebaseWriting firewall settings...baseAdjusting firewall service...base,		(	N4	,		
y2milestone	
5Firewall configuration has been changed. Writing: %1.(	!4-4	,	Writing settings failedbase-	4	,		
y2milestone	
/Firewall settings weren't modified, skipping...(	,		(	N4	(	enable_firewall4	,		
y2milestone	
Enabling firewall services(	!]4	-	4	,		
y2milestone	
Disabling firewall services(	!^4	-	4	,		
y2milestone	
4Firewall enable/disable wasn't modified, skipping...(	,		(	&&}!|4	,		
y2milestone	
Writing %1: %2|
SCR::Write.target.string|(	,		-	%
-
%
,
(
!L-
(
!-
(
!-
-
%#
,$
	
y2milestone	
Forced save and restart,%
$,'
X()
!4)
-*
--
%;
additional_services	all_allowed_services	all_used_services	$<
	(>
!54>
,?
	
y2error	
Unknown protocol '%1'-@
(B
!64B
,C
	
y2error	
Unknown zone '%1'-D
$H
9$K
	,N
				foreach
service_id	service_name	(P
'4P

needed_all	$S
	(T
TCP4T
&U
(V
UDP4V
&W
(X
RPC4X
&Y
(Z
IP4Z
&[
,]
		foreachremove_port	&_
	union(h
size4h
&i
		toset&k
			filterport	!		contains-q
%
old_list_services	$
		toset&
		toset(
4
add_services	remove_services	,
$$
	$
	,
		foreachservice	(
!		contains&
			add,
		foreachservice	(
!		contains&
			add(
size4
,
	
y2milestone	
/Removing additional services %1/%2 from zone %3,
C(
size4
,
	
y2milestone	
-Adding additional services %1/%2 into zone %3,
D%
any_firewall_runningcommand	iptables$
$
-iptables -L -n | grep -v "^\(Chain\|target\)"$
SCR::Execute.target.bash_output(
exit4

iptables_list	$
			splitstring				stdout
&
			filteriptable_rule	,
	
y2milestone	
 Count of active iptables now: %1size(
size4
&
4
&
4
,
	
y2error	
$Services Command: %1 (Exit %2) -> %3exitstderr-
(
&&!`4
,
	
	y2warning	
 Any other firewall is running...-
-
%
firewall_interfaces_now		known_interfaces	$

$
k,
		foreachzone	&'
			filter	interface	n		contains-
%
(interfaces_in_zone	known_interfaces_now	$
			splitstring				+			FW_DEV_ $
n&
			filter	interface	&&!		contains-
%interfaces_in_zone	,$,	
y2milestone	
,Removing special string '%1' from '%2' zone.$
			splitstring				+			FW_DEV_ &			filtersingle_interface	&&'+			FW_DEV_			mergestring			 %)interfaces_in_zone	,$,	
y2milestone	
*Adding special string '%1' into '%2' zone.$			splitstring				+			FW_DEV_ &		toset			add'+			FW_DEV_			mergestring			 %%-&&&	
FW_MASQUERADEnoyes	FW_ROUTEnoyes%.,/$'1
FW_MASQUERADEyesno(4'4FW_ROUTEyes%K
list_of_rules		$L	,N		foreachforward_rule				splitstring				FW_FORWARD_MASQ fw_rul	(O-O$R			splitstring			,(U||||||				,V	
	y2warning	
5Wrong definition of redirect rule: '%1', part of '%2'	FW_FORWARD_MASQ&Z						add
source_net	
forward_to	protocol		tolower			req_port		tolower			to_port		tolower				req_ip		tolower			-e%p
forward_rules	row_counter,q$$s	$u,v		foreachforward_rule				splitstring				FW_FORWARD_MASQ (w-w(y4y&z			add&}+'FW_FORWARD_MASQ			mergestring			 %masquerade_rules	,$$	FW_FORWARD_MASQ&+			+			+			+			+			+			+			+			 ,,,(||4(4&+			+			+			+			,,(4&+			+			,'FW_FORWARD_MASQ%ret_val	$(ACCEPT4(	FW_LOG_ACCEPT_ALLnoyes4&ALL(	FW_LOG_ACCEPT_CRITyesyes4&CRIT4&NONE(DROP4(	FW_LOG_DROP_ALLnoyes4&ALL(	FW_LOG_DROP_CRITyesyes4&CRIT4&NONE4,	
y2error	
*Possible rules are only 'ACCEPT' or 'DROP'-%,$(ACCEPT4(ALL4'FW_LOG_ACCEPT_CRITyes'FW_LOG_ACCEPT_ALLyes(CRIT4'FW_LOG_ACCEPT_CRITyes'FW_LOG_ACCEPT_ALLno4'FW_LOG_ACCEPT_CRITno'FW_LOG_ACCEPT_ALLno(DROP4(ALL4'FW_LOG_DROP_CRITyes'FW_LOG_DROP_ALLyes(CRIT4'FW_LOG_DROP_CRITyes'FW_LOG_DROP_ALLno4'FW_LOG_DROP_CRITno'FW_LOG_DROP_ALLno4,	
y2error	
*Possible rules are only 'ACCEPT' or 'DROP'%(!64,	
y2error	
Unknown zone '%1'--	+			FW_IGNORE_FW_BROADCAST_no%(!64,	
y2error	
Unknown zone '%1'-,$'+			FW_IGNORE_FW_BROADCAST_%%,4	
y2milestone	
DThe whole functionality is currently handled by SuSEfirewall2 itself%A&B		toupper		(E!		contains&4E,F	
y2error	
Unknown firewall zone: %1-G-J	+			FW_SERVICES_ACCEPT_%T&U		toupper		(X!		contains&4X,Y	
y2error	
Unknown firewall zone: %1-Z']+			FW_SERVICES_ACCEPT_,^$-`%k	k_modules	$l			splitstring				FW_LOAD_MODULES 	
&n			filter
one_module	-r		toset%~&			filter
one_module	(4,	
y2error	
6List of modules %1 contains 'nil'! It will be ignored.-(4,	
	y2warning	
@List of modules %1 contains an empty string, it will be ignored.-(||		regexpmatch		 		regexpmatch			4,	
	y2warning	
\Additional module '%1' contains spaces. They will be evaluated as two or more modules later.-'FW_LOAD_MODULES			mergestring			 ,$$tcpTCPbaseudpUDPbase_rpc_RPCbaseipIPbase%&		tolower		(4-(	4,	
y2error	
Unknown protocol: %1-		
sformat		
Unknown protocol (%1)base4-	%(!64,	
y2error	
Uknown zone '%1'-	-			splitstring				+			FW_SERVICES_ACCEPT_RELATED_ 	
%(!64,	
y2error	
Uknown zone '%1'-&			filterone_rule	,$'+			FW_SERVICES_ACCEPT_RELATED_			mergestring			
%needs_additional_module$,		foreachone_zone	&(size4,	
y2milestone	
&Some ServicesAcceptRelated are defined&.(4	k_modules	$			splitstring				FW_LOAD_MODULES (!		contains"4,	
	y2warning	
*FW_LOAD_MODULES doesn't contain %1, adding"&			add"'FW_LOAD_MODULES			mergestring			 ,$%
old_service_def	zone	,
	
y2milestone	
Removing: %1 from zone %2(

	tcp_ports		4

,
		foreachone_service		tcp_ports	,
tTCP(
	udp_ports		4
,
		foreachone_service		udp_ports	,
tUDP(
	rpc_ports		4
,
		foreachone_service		rpc_ports	,
tRPC(
ip_protocols		4
,
		foreachone_service	ip_protocols	,
tIP("
broadcast_ports		4"
	broadcast		$#
='%
			filterone_port			!containsbroadcast_ports	,)
>%2
~current_conf			(3
}43
-4
(7
|47
,8
	
y2milestone	
(Configuration has been already converted&9
}-:
$>

,@
		foreachzone	&'A

,C
		foreachprotocol	'D
9'E
	broadcast			splitstring			; 
,I
	
y2milestone	
Current conf: %1,K
		foreachzone	&,L
				foreachold_service_id	old_service_def	replaced
,M
	
y2milestone	
Checking %1 in %2 zone(O
&&	tcp_ports		q	tcp_ports	TCP-P
(R
&&	udp_ports		q	udp_ports	UDP-S
(U
&&	rpc_ports		q	rpc_ports	RPC-V
(X
&&ip_protocols		qip_protocols	IP-Y
([
&&broadcast_ports		?broadcast_ports	-\
(^

convert_to		4^
,_
	
y2milestone	
9Service %1 supported, but it doesn't have any replacement-`
$c
,e
		foreachreplacement	
convert_to	(f
4f
,g
	
y2milestone	
Old service %1 matches %2,h
,i
x&j
.k
(o
!4o
,p
	
	y2warning	
0Old service %1 matches %2 but none are installed
convert_to	,u
	
y2milestone	
Converting done&v
}

ACC SHELL 2018