author | Jeremy Katz <katzj@redhat.com> | 2004-06-18 04:52:58 +0000 |
---|---|---|
committer | Jeremy Katz <katzj@redhat.com> | 2004-06-18 04:52:58 +0000 |
commit | 87d9b3563d67e50a3a40234c59d9a2580de319e5 (patch) | |
tree | d1c64576c65b10ad28a01f5ef19fb2158d6e3d7e /firewall.py | |
parent | 9197b56503dd9fb1fa33c162215cd47b0825d518 (diff) | |
major simplification of the firewall code. lose the trusted devices and
other ports selection. make the list of services easy to change and shared
between gui and text. lose dead code, update copyrights
Diffstat (limited to 'firewall.py')
-rw-r--r-- | firewall.py | 80 |
1 files changed, 44 insertions, 36 deletions
diff --git a/firewall.py b/firewall.py index ae2fbcad5..fec28247e 100644 --- a/firewall.py +++ b/firewall.py @@ -2,8 +2,9 @@ # firewall.py - firewall install data and installation # # Bill Nottingham <notting@redhat.com> +# Jeremy Katz <katzj@redhat.com> # -# Copyright 2003 Red Hat, Inc. +# Copyright 2004 Red Hat, Inc. # # This software may be freely redistributed under the terms of the GNU # library public license. @@ -19,19 +20,42 @@ import string from flags import flags from rhpl.log import log +from rhpl.translate import _, N_ + +class Service: + def __init__ (self, key, name, ports): + self.key = key + self.name = name + self.allowed = 0 + + if type(ports) == type(""): + self.ports = [ ports ] + else: + self.ports = ports + + + def set_enabled(self, val): + self.allowed = val + + def get_enabled(self): + return self.allowed + + def get_name(self): + return self.name + + def get_ports(self): + return self.ports class Firewall: def __init__ (self): self.enabled = 1 - self.ssh = 0 - self.telnet = 0 - self.smtp = 0 - self.http = 0 - self.ftp = 0 - self.portlist = "" - self.ports = [] - self.trustdevs = [] - self.selinux = "" + self.trusteddevs = [] + self.portlist = [] + self.services = [ Service("ssh", N_("Remote Login (SSH)"), "22:tcp"), + Service("http", N_("Web Server (HTTP, HTTPS)"), "80:tcp"), + Service("ftp", N_("File Transfer (FTP)"), "21:tcp"), + + Service("smtp", N_("Mail Server (SMTP)"), "25:tcp") ] def writeKS(self, f): f.write("firewall") 
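Review bot: `Firewall.__init__` now initialises `self.trusteddevs = []`, but the loop added in the later hunk (`@@ -53,33 +77,17 @@`) still iterates `self.trustdevs`, the name this commit removes from `__init__`. Unless some module outside this diff assigns `trustdevs` before the argument list is built, that loop raises AttributeError whenever the firewall is enabled; the two names should agree, e.g. `self.trustdevs = []` here. Separately, the HTTP entry is labelled `"Web Server (HTTP, HTTPS)"` but its port list is only `"80:tcp"`; since `Service` accepts a list, `[ "80:tcp", "443:tcp" ]` would make the opened ports match what the label tells the user.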
@@ -53,33 +77,17 @@ class Firewall: args.append("--disabled") return args - if self.portlist: - ports = string.split(self.portlist,',') - for port in ports: - port = string.strip(port) - try: - if not string.index(port,':'): - port = '%s:tcp' % port - except: - pass - self.ports.append(port) - for port in self.ports: - args = args + [ "--port=%s" %(port,) ] - if self.smtp: - args = args + [ "--port=smtp:tcp" ] - if self.http: - args = args + [ "--port=http:tcp" ] - if self.ftp: - args = args + [ "--port=ftp:tcp" ] - if self.ssh: - args = args + [ "--port=ssh:tcp" ] - if self.telnet: - args = args + [ "--port=telnet:tcp" ] - if self.selinux: - args = args + [ "--selinux=%s" % self.selinux ] - for dev in self.trustdevs: - args = args + [ "--trust=%s" %(dev,) ] + for service in self.services: + if service.get_enabled(): + for p in service.get_ports(): + args = args + [ "--port=%s" %(p,) ] + + for dev in self.trustdevs: + args = args + [ "--trust=%s" %(dev,) ] + for port in self.portlist: + args = args + [ "--port=%s" %(port,) ] + return args def write (self, instPath): |
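Review bot: The final loop passes every element of `self.portlist` verbatim into `--port=%s`, while this same commit changes `portlist` from a comma-separated string to a list. A caller outside this diff that still assigns a string would be iterated character by character, producing one malformed `--port=` argument per character, and the removed attempt to default entries without a protocol to `:tcp` has no replacement. I would state the contract at the loop, e.g. `# portlist: list of "port:proto" strings, already validated by the caller`, or check for the `:` there before appending. The enclosing method starts above the hunk, so how other callers populate `portlist` is not visible here.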