Hi,
About:
------
YaST Firewall can already work with services defined by packages for
several weeks, nevertheless it had just read-only access.
Some of you (for instance, ftp-server or http-server maintainers) allow
users to configure ports on which the service listens or operates but
enabling or disabling these services (ports) in firewall was quite limited.
New Feature:
------------
Now, there is a new functionality in 'SuSEFirewallServices' module:
* GetNeededPortsAndProtocols
  returns map of the current definition of the service
* SetNeededPortsAndProtocols
  immediately changes the definition in configuration file
You can find this new functionality in yast2-2.15.28 or SVN.
Example of Usage:
-----------------
- Services defined by package are stored in the
  /etc/sysconfig/SuSEfirewall2.d/services/ directory, copy the attached
  'abc' file there
- Save services-dbp.ycp script somewhere and run it by
  `/sbin/yast2 /path/to/services-dbp.ycp`
- See the /var/log/YaST2/y2log
Bye
Lukas
--
Lukas Ocilka, YaST Developer (xn--luk-gla45d)
-----------------------------------------------------------------
SUSE LINUX, s. r. o., Lihovarska 1060/12, Praha 9, Czech Republic
// services-dbp.ycp (attached script)
{
    import "SuSEFirewallServices";

    string service = "service:abc";

    // Read the current definition of the service
    map ports_used =
        SuSEFirewallServices::GetNeededPortsAndProtocols (service);
    y2milestone ("----------------------------------------------");
    y2milestone ("GetNeededPortsAndProtocols: %1", ports_used);
    y2milestone ("----------------------------------------------");

    // Rotate the values between the keys so that the change is visible
    list <string> tmp = ports_used["tcp_ports"]:[];
    ports_used["tcp_ports"] = ports_used["udp_ports"]:[];
    ports_used["udp_ports"] = ports_used["rpc_ports"]:[];
    ports_used["rpc_ports"] = ports_used["ip_protocols"]:[];
    ports_used["ip_protocols"] = ports_used["broadcast_ports"]:[];
    ports_used["broadcast_ports"] = tmp;

    // Write the new definition; the configuration file changes immediately
    y2milestone (
        "SetNeededPortsAndProtocols: %1",
        SuSEFirewallServices::SetNeededPortsAndProtocols (
            service,
            ports_used
        )
    );

    // Read the definition again to check what was written
    ports_used =
        SuSEFirewallServices::GetNeededPortsAndProtocols (service);
    y2milestone ("----------------------------------------------");
    y2milestone ("GetNeededPortsAndProtocols: %1", ports_used);
    y2milestone ("----------------------------------------------");
}
# Do not edit this file as it's just a template and will be
# overwritten on package updates! Copy to a new file instead.
#
# Only the variables TCP, UDP, RPC, IP and BROADCAST are allowed.
# More may be supported in the future.
#
# For a more detailed description of the individual variables see
# the comments for FW_SERVICES_*_EXT in /etc/sysconfig/SuSEfirewall2
#
## Name: abc service (probably)
## Description: opens ports for xx in order to allow dd
# space separated list of allowed TCP ports
TCP="was tcp"
# space separated list of allowed UDP ports
UDP="was udp"
# space separated list of allowed RPC services
RPC="was rpc"
# space separated list of allowed IP protocols
IP="was ip"
# space separated list of allowed UDP broadcast ports
BROADCAST="was broadcast"
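Because SetNeededPortsAndProtocols rewrites these files immediately, it helps to be able to audit what a service definition opens. The following is an added example, not part of the original mail or of YaST: a small Python parser for the file format shown above that returns the same map keys the script uses and reports lines that break the "only TCP, UDP, RPC, IP and BROADCAST" rule. The function name `parse_service`, the sample input, and the accepted numeric forms (`80` or `8000:8100`, 1 to 65535) are assumptions of this example; non-numeric entries are passed through unchecked.

```python
import re

# Variable in the service file -> key in the map handled by
# Get/SetNeededPortsAndProtocols (key names as used in services-dbp.ycp).
VAR_TO_KEY = {"TCP": "tcp_ports", "UDP": "udp_ports", "RPC": "rpc_ports",
              "IP": "ip_protocols", "BROADCAST": "broadcast_ports"}
PORT_VARS = {"TCP", "UDP", "BROADCAST"}
ASSIGN = re.compile(r"^([A-Za-z_]\w*)=(.*)$")
NUMERIC = re.compile(r"^(\d+)(?::(\d+))?$")  # assumption: "80" or "8000:8100"


def parse_service(text):
    """Return (ports_map, problems) for the text of one service file."""
    ports = {key: [] for key in VAR_TO_KEY.values()}
    problems = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments, including "## Name:" headers
        m = ASSIGN.match(line)
        if not m or m.group(1) not in VAR_TO_KEY:
            problems.append((lineno, "only TCP, UDP, RPC, IP, BROADCAST are allowed"))
            continue
        var, value = m.groups()
        for item in value.strip().strip("\"'").split():
            num = NUMERIC.match(item)
            if var in PORT_VARS and num:
                lo, hi = int(num.group(1)), int(num.group(2) or num.group(1))
                if not 1 <= lo <= hi <= 65535:
                    problems.append((lineno, "bad port or range: " + item))
                    continue
            ports[VAR_TO_KEY[var]].append(item)
    return ports, problems


# Constructed sample input, not a file shipped by any package.
SAMPLE = '''## Name: abc service
TCP="80 443 8000:8100"
UDP=""
BROADCAST="70000 631"
EXTRA="22"
'''

if __name__ == "__main__":
    ports, problems = parse_service(SAMPLE)
    print(ports)
    for lineno, msg in problems:
        print("line %d: %s" % (lineno, msg))
```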