ACC SHELL
/**
* Copyright 2004, Novell, Inc. All rights reserved.
*
* File: modules/SuSEFirewall4Network.ycp
* Package: Network Configuration
* Summary: Module for handling interfaces in SuSEfirewall2
* Authors: Lukas Ocilka <locilka@suse.cz>
*
* $Id: SuSEFirewall4Network.ycp 58337 2009-08-13 15:15:13Z kmachalkova $
*
* Module for handling network interfaces in SuSEfirewall2 using SuSEFirewall
* module.
*/
{
module "SuSEFirewall4Network";
textdomain "network";
import "SuSEFirewall";
import "SuSEFirewallProposal";
import "Stage";
boolean firewall_enabled_1st_stage = false;
boolean ssh_enabled_1st_stage = false;
/**
* Function reads configuration of SuSEFirewall.
*
* @return boolean if successful
*/
global define boolean Read () {
y2milestone("Reading the firewall configuration");
return SuSEFirewall::Read();
}
/**
* Function writes configuration of SuSEFirewall.
*
* @return boolean if successful
*/
global define boolean Write () {
y2milestone("Writing the firewall configuration");
return SuSEFirewall::Write();
}
/**
* @return boolean whether enabled and started
*/
global boolean IsOn () {
return
SuSEFirewall::GetEnableService () &&
SuSEFirewall::GetStartService ();
}
/**
* Function returns list of items for combo box with all known
* firewall zones.
* There's also an item for "" (no zone or fw off).
*
* @return item list for CWM
*/
global define list< list<string> > FirewallZonesComboBoxItems () {
list< list<string> > list_items = [];
boolean protected_from_internal = SuSEFirewall::GetProtectFromInternalZone();
string nozone = IsOn ()?
// item in combo box Firewall Zone
_("Automatically Assigned Zone"):
// item in combo box Firewall Zone
_("Firewall Disabled");
list_items = add (list_items, ["", nozone]);
// Listing all known zones
foreach (string zone_shortname, SuSEFirewall::GetKnownFirewallZones(), {
// Getting zone name for zone
// Informing user about Unprotected inetrnal zone
string zone_name = SuSEFirewall::GetZoneFullName(zone_shortname)
+ ((zone_shortname == "INT" && !protected_from_internal) ?
// TRANSLATORS: Part of combo box item -> "Internal Zone (Unprotected)"
" " + _("(Unprotected)")
:
""
);
list_items = add (list_items, [zone_shortname, zone_name]);
});
return list_items;
}
/**
* Function returns if interface is protected by firewall.
* It means: Firewall is Running and Enabled. Interface is included
* in any protected firewall zone (means EXT, DMZ or INT).
*
* @param string interface
* @return boolean if it is protected
*/
global define boolean IsProtectedByFirewall (string interface) {
string interface_zone = SuSEFirewall::GetZoneOfInterface(interface);
// interface is mentioned in uprotected zone
if (interface_zone == "INT" && !SuSEFirewall::GetProtectFromInternalZone()) {
y2warning("Interface '%1' is mentioned in uprotected zone '%2'", interface, "INT");
}
// firewall must be running and enabled, interface must be in any zone
return (IsOn () && interface_zone!=nil);
}
/**
* Function returns the firewall zone of interface, "" if no zone includes
* the interface. Error is reported when interface is found in multiple
* firewall zones, then the first appearance is returned.
* If firewall is off, "" is returned.
*
* @param string interface
* @return string zone
*/
global define string GetZoneOfInterface (string interface) {
if (!IsOn ())
{
return "";
}
string zoi = SuSEFirewall::GetZoneOfInterface (interface);
return (zoi == nil)? "": zoi;
}
/**
* Functions sets protection of interface by the protect-status.<br>
* protect==true -> add interface into selected firewall zone, sets firewall
* to be started and enabled when booting.<br>
* protect==false -> removes interface from all firewall zones, if there
* are no other interfaces protected by firewall, stops it
* and removes it from boot process.
*
* @param string interface
* @param string zone (makes sense for protect_status==true)
* @param boolean protect_status
* @return boolean if successful
*/
global define boolean ProtectByFirewall (string interface, string zone, boolean protect_status) {
// Adding protection
if (protect_status == true) {
y2milestone("Enabling firewall because of '%1' interface", interface);
SuSEFirewall::AddInterfaceIntoZone(interface, zone);
SuSEFirewall::SetEnableService(true);
SuSEFirewall::SetStartService(true);
// Removing protection
} else {
// removing from all known zones
foreach (string remove_from_zone, SuSEFirewall::GetKnownFirewallZones(), {
SuSEFirewall::RemoveInterfaceFromZone(interface, remove_from_zone);
});
// if there are no other interfaces in configuration, stop firewall
// and remove it from boot process
if (size(SuSEFirewall::GetFirewallInterfaces())==0) {
y2milestone("Disabling firewall, no interfaces are protected.");
SuSEFirewall::SetEnableService(false);
SuSEFirewall::SetStartService(false);
}
}
return true;
}
/**
* @return Whether the UI should warn about interfaces
* that are not in any zone
*/
global define boolean UnconfiguredIsBlocked () {
return ! SuSEFirewall::IsAnyNetworkInterfaceSupported ();
}
/**
* Function sets that a firewall proposal was changed by user
* by editing firewall zone of network interface
* (applicable during 2nd stage of installation only)
* @param boolean whether proposal was changed by user
*/
global define void ChangedByUser (boolean changed) {
if (Stage::cont())
SuSEFirewallProposal::SetChangedByUser(changed);
}
global define boolean IsInstalled() {
return SuSEFirewall::SuSEFirewallIsInstalled ();
}
global define void SetEnabled1stStage( boolean enabled) {
firewall_enabled_1st_stage = enabled;
}
global define boolean Enabled1stStage() {
return firewall_enabled_1st_stage;
}
global define void SetSshEnabled1stStage( boolean enabled) {
ssh_enabled_1st_stage = enabled;
}
global define boolean EnabledSsh1stStage() {
return ssh_enabled_1st_stage;
}
/* EOF */
}
ACC SHELL 2018