Sandro Bonazzola has uploaded a new change for review. Change subject: network: firewalld: allow disabling services ......................................................................
network: firewalld: allow disabling services Allows disabling services at closeup stage. Change-Id: I75418f4c7d90f8119c8259d0a33ed9fdfa69c91d Signed-off-by: Sandro Bonazzola <[email protected]> --- M src/otopi/constants.py M src/plugins/otopi/network/firewalld.py 2 files changed, 32 insertions(+), 0 deletions(-) git pull ssh://gerrit.ovirt.org:29418/otopi refs/changes/26/17026/1 diff --git a/src/otopi/constants.py b/src/otopi/constants.py index b77bb65..0f5acb7 100644 --- a/src/otopi/constants.py +++ b/src/otopi/constants.py @@ -154,6 +154,7 @@ FIREWALLD_ENABLE = 'NETWORK/firewalldEnable' FIREWALLD_AVAILABLE = 'NETWORK/firewalldAvailable' FIREWALLD_SERVICE_PREFIX = 'NETWORK_FIREWALLD_SERVICE/' + FIREWALLD_DISBALE_SERVICES = 'NETWORK/firewalldDisableServices' @util.export diff --git a/src/plugins/otopi/network/firewalld.py b/src/plugins/otopi/network/firewalld.py index 8d74914..f43edb3 100644 --- a/src/plugins/otopi/network/firewalld.py +++ b/src/plugins/otopi/network/firewalld.py @@ -39,6 +39,7 @@ Environment: NetEnv.FIREWALLD_ENABLE -- enable firewalld update NetEnv.FIREWALLD_SERVICE_PREFIX -- services key=service value=content + NetEnv.FIREWALLD_DISBALE_SERVICES -- list of services to be disabled """ @@ -110,6 +111,18 @@ return zones + def _get_zones(self): + rc, stdout, stderr = self.execute( + ( + self.command.get('firewall-cmd'), + '--get-zones', + ), + ) + zones = [] + for line in stdout: + zones += line.split() + return zones + def __init__(self, context): super(Plugin, self).__init__(context=context) self._enabled = os.geteuid() == 0 @@ -126,6 +139,10 @@ ) self.environment.setdefault( constants.NetEnv.FIREWALLD_AVAILABLE, + False + ) + self.environment.setdefault( + constants.NetEnv.FIREWALLD_DISBALE_SERVICES, False ) @@ -227,6 +244,20 @@ '--add-service', service, ), ) + + for zone in self._get_zones(): + for service in self.environment[ + constants.NetEnv.FIREWALLD_DISBALE_SERVICES + ]: + self.execute( + ( + self.command.get('firewall-cmd'), + '--zone', zone, + '--permanent', + '--remove-service', service, + ), + ) + self.execute( ( self.command.get('firewall-cmd'), -- To view, visit http://gerrit.ovirt.org/17026 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I75418f4c7d90f8119c8259d0a33ed9fdfa69c91d Gerrit-PatchSet: 1 Gerrit-Project: otopi Gerrit-Branch: master Gerrit-Owner: Sandro Bonazzola <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
