[PATCH 1/2] add_interface() called with wrong number of parameters
by Jiri Popelka
In firewall/core/fw_zone.py we define add_interface as
add_interface(zone, interface, timeout=0, sender=None)
but we call it in server/firewalld.py:addInterface()
as zone.add_interface(zone, interface, sender)
which means that we pass the sender value into the timeout parameter.
I'm not sure how this is supposed to work so this patch is just a
suggestion.
---
src/firewall/core/fw_zone.py | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
index 89593dc..71d62d4 100644
--- a/src/firewall/core/fw_zone.py
+++ b/src/firewall/core/fw_zone.py
@@ -294,7 +294,7 @@ class FirewallZone:
if not enable:
self.remove_chain(zone, table, chain)
- def add_interface(self, zone, interface, timeout=0, sender=None):
+ def add_interface(self, zone, interface, sender=None):
self._fw.check_panic()
_zone = self._fw.check_zone(zone)
_obj = self._zones[_zone]
@@ -310,7 +310,7 @@ class FirewallZone:
_obj.interfaces.append(interface)
_obj.settings["interfaces"][interface_id] = \
- self.__gen_settings(timeout, sender)
+ self.__gen_settings(0, sender)
return _zone
--
1.7.7.6
12 years
[PATCH] firewall-cmd: fix usage()
by Jiri Popelka
I've been confused with the following:
--add|--enable - this looks like they are synonyms which isn't true
--remove|--disable - the same as previous
--masquerade action can be used only with --enable|--disable|--query
---
src/firewall-cmd | 15 +++++++++------
1 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/src/firewall-cmd b/src/firewall-cmd
index 174ff55..5759508 100755
--- a/src/firewall-cmd
+++ b/src/firewall-cmd
@@ -45,18 +45,21 @@ def usage():
--get-zone-of-interface=<interface>
--zone=<zone>
- Modes:
- --add|--enable [--timeout=<seconds>] <action>
- --remove|--disable <action>
- --query <action>
+ Mode:
+ --add [--timeout=<seconds>] <action>
+ --remove <action>
+ --enable [--timeout=<seconds>] <masquerade>
+ --disable <masquerade>
+ --query <action> | <masquerade>
--list=<action>
- Actions:
+ Action:
--service=<service>
--port=<port>[-<port>]/<protocol>
--interface=<interface>
- --masquerade
--forward-port=port=<port>:proto=<protocol>[:toport=<destinaton port>][:toaddr=<destination address>]
--icmp-block=<icmp type>
+ Masquerade:
+ --masquerade
""")
try:
--
1.7.7.6
12 years, 1 month
[PATCH 1/3] client.py: fix typo in getInterfaces()
by Jiri Popelka
---
src/firewall/client.py | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/firewall/client.py b/src/firewall/client.py
index 4034e44..657e7b4 100644
--- a/src/firewall/client.py
+++ b/src/firewall/client.py
@@ -113,7 +113,7 @@ class FirewallClient(object):
@slip.dbus.polkit.enable_proxy
def getInterfaces(self, zone):
- return dbu_to_python(self.fw_zone.getInterfaces(zone))
+ return dbus_to_python(self.fw_zone.getInterfaces(zone))
@slip.dbus.polkit.enable_proxy
def queryInterface(self, interface):
--
1.7.7.6
12 years, 1 month
[PATCH] firewalld.service: do not fork
by Jiri Popelka
I've been thinking that systemd prefers services to not fork.
---
config/firewalld.service | 3 +--
1 files changed, 1 insertions(+), 2 deletions(-)
diff --git a/config/firewalld.service b/config/firewalld.service
index 53b5bc3..e0a538e 100644
--- a/config/firewalld.service
+++ b/config/firewalld.service
@@ -5,9 +5,8 @@ Before=network.target
Conflicts=iptables.service ip6tables.service ebtables.service
[Service]
-Type=forking
EnvironmentFile=-/etc/sysconfig/firewalld
-ExecStart=/usr/sbin/firewalld
+ExecStart=/usr/sbin/firewalld --nofork
ExecReload=/usr/bin/firewall-cmd --reload
[Install]
--
1.7.7.6
12 years, 1 month
[PATCH] firewall-cmd: fix bug in --list=port and --port action help message
by Jiri Popelka
---
src/firewall-cmd | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/firewall-cmd b/src/firewall-cmd
index e60d6c3..1063060 100755
--- a/src/firewall-cmd
+++ b/src/firewall-cmd
@@ -53,7 +53,7 @@ def usage():
--list=interface lists interfaces of a zone
Actions:
--service=<service>
- --port=<port>[-<port>]:<protocol>
+ --port=<port>[-<port>]/<protocol>
--masquerade
--forward-port=port=<port>:proto=<protocol>[:toport=<destinaton port>][:toaddr=<destination address>]
--icmp-block=<icmp type>
@@ -262,7 +262,7 @@ try:
if mode == "list":
l = fw.getPorts(zone)
if len(l) > 0:
- print(", ".join(["%s/%s" % port for port in l]))
+ print(", ".join(["%s/%s" % (port[0], port[1]) for port in l]))
else:
try:
(port, proto) = value.split("/")
--
1.7.7.6
12 years, 1 month
[PATCH] firewall-cmd: fix bug in --list=service
by Jiri Popelka
---
src/firewall-cmd | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/firewall-cmd b/src/firewall-cmd
index 7e8bf21..e60d6c3 100755
--- a/src/firewall-cmd
+++ b/src/firewall-cmd
@@ -247,7 +247,7 @@ try:
# service
elif action == "service":
if mode == "list":
- l = z.getServices(zone)
+ l = fw.getServices(zone)
if len(l) > 0:
print(", ".join(l))
elif mode == "add":
--
1.7.7.6
12 years, 1 month