authorMatt Wilson <msw@redhat.com>2001-06-20 04:39:53 +0000
committerMatt Wilson <msw@redhat.com>2001-06-20 04:39:53 +0000
commitc4249bbe06e028e95f6514adb7f90ae11ab3b43b (patch)
tree408350beb14885893b86938d27a46688c4986003 /firewall.py
parent8a566ec58b79dc8c583a4610a27a5182b31bacb8 (diff)
merge dispatch to HEAD
Diffstat (limited to 'firewall.py')
-rw-r--r--firewall.py89
1 files changed, 89 insertions, 0 deletions
diff --git a/firewall.py b/firewall.py
new file mode 100644
index 000000000..00f3c819c
--- /dev/null
+++ b/firewall.py
@@ -0,0 +1,89 @@
+import os
+import iutil
+import string
+from log import log
+from flags import flags
+
+class Firewall:
+ def __init__ (self):
+ self.enabled = -1
+ self.ssh = 0
+ self.telnet = 0
+ self.smtp = 0
+ self.http = 0
+ self.ftp = 0
+ self.portlist = ""
+ self.ports = []
+ self.policy = 0
+ self.dhcp = 0
+ self.trustdevs = []
+
+ def writeKS(self, f):
+ f.write("firewall")
+
+ if self.enabled > 0:
+ for arg in self.getArgList():
+ f.write(" " + arg)
+ else:
+ f.write(" --disabled")
+
+ f.write("\n")
+
+ def getArgList(self):
+ args = []
+
+ if self.policy:
+ args.append ("--medium")
+ else:
+ args.append ("--high")
+ if self.dhcp:
+ args.append ("--dhcp")
+ if self.portlist:
+ ports = string.split(self.portlist,',')
+ for port in ports:
+ port = string.strip(port)
+ try:
+ if not string.index(port,':'):
+ port = '%s:tcp' % port
+ except:
+ pass
+ self.ports.append(port)
+ for port in self.ports:
+ args = args + [ "--port", port ]
+ if self.smtp:
+ args = args + [ "--port","smtp:tcp" ]
+ if self.http:
+ args = args + [ "--port","http:tcp" ]
+ if self.ftp:
+ args = args + [ "--port","ftp:tcp" ]
+ if self.ssh:
+ args = args + [ "--port","ssh:tcp" ]
+ if self.telnet:
+ args = args + [ "--port","telnet:tcp" ]
+ for dev in self.trustdevs:
+ args = args + [ "--trust", dev ]
+
+ return args
+
+ def write (self, instPath):
+ args = [ "/usr/sbin/lokkit", "--quiet", "--nostart" ]
+
+ if self.enabled > 0:
+ args = args + self.getArgList()
+
+ try:
+ if flags.setupFilesystems:
+ iutil.execWithRedirect(args[0], args, root = instPath,
+ stdout = None, stderr = None)
+ else:
+ log("would have run %s", args)
+ except RuntimeError, msg:
+ log ("lokkit run failed: %s", msg)
+ except OSError, (errno, msg):
+ log ("lokkit run failed: %s", msg)
+ else:
+ # remove /etc/sysconfig/ipchains
+ file = instPath + "/etc/sysconfig/ipchains"
+ if os.access(file, os.O_RDONLY):
+ os.remove(file)
+
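Review bot: In getArgList, the portlist loop never applies the `:tcp` default. `string.index` raises ValueError when the entry has no colon, the bare `except` swallows it, and the `if not ...` branch only fires when the colon sits at index 0, so a bare port reaches lokkit and the kickstart line without a protocol. The same loop appends to `self.ports`, so a second call on the same object (writeKS and write both call getArgList) repeats every portlist entry. Building a local list and testing `string.find(port, ':') == -1` fixes both, and empty entries from a stray comma can be skipped at the same point. Separately, `os.access(file, os.O_RDONLY)` in write only behaves as an existence check because that flag is 0; `os.F_OK` is the mode constant meant for os.access.

```python
        if self.portlist:
            # work on a copy so repeated calls do not grow self.ports
            ports = list(self.ports)
            for port in string.split(self.portlist, ','):
                port = string.strip(port)
                if not port:
                    continue
                # string.find returns -1 instead of raising when ':' is absent
                if string.find(port, ':') == -1:
                    port = '%s:tcp' % port
                ports.append(port)
        else:
            ports = self.ports
        for port in ports:
            args = args + [ "--port", port ]
        # ... unchanged: smtp/http/ftp/ssh/telnet and --trust handling ...
```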