Hello community, here is the log from the commit of package yast2-firewall for openSUSE:Factory checked in at 2016-06-02 12:49:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/yast2-firewall (Old) and /work/SRC/openSUSE:Factory/.yast2-firewall.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "yast2-firewall" Changes: -------- --- /work/SRC/openSUSE:Factory/yast2-firewall/yast2-firewall.changes 2016-01-16 11:56:20.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.yast2-firewall.new/yast2-firewall.changes 2016-06-02 12:49:16.000000000 +0200 @@ -1,0 +2,8 @@ +Tue May 24 15:26:37 UTC 2016 - mchandras@suse.de + +- Add support for firewalld (fate#318356) + * Bump yast2 dependency to 3.1.191 which is the first version to + support the firewalld backend. +- 3.1.5 + +------------------------------------------------------------------- Old: ---- yast2-firewall-3.1.4.tar.bz2 New: ---- yast2-firewall-3.1.5.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-firewall.spec ++++++ --- /var/tmp/diff_new_pack.TinE3z/_old 2016-06-02 12:49:17.000000000 +0200 +++ /var/tmp/diff_new_pack.TinE3z/_new 2016-06-02 12:49:17.000000000 +0200 @@ -17,7 +17,7 @@ Name: yast2-firewall -Version: 3.1.4 +Version: 3.1.5 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build 
@@ -30,8 +30,8 @@ # IP::CheckNetwork BuildRequires: yast2 >= 2.23.25 -# IP::CheckNetwork -Requires: yast2 >= 2.23.25 +# FirewallD backend +Requires: yast2 >= 3.1.191 # ButtonBox widget Conflicts: yast2-ycp-ui-bindings < 2.17.3 ++++++ yast2-firewall-3.1.4.tar.bz2 -> yast2-firewall-3.1.5.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-3.1.4/package/yast2-firewall.changes new/yast2-firewall-3.1.5/package/yast2-firewall.changes --- old/yast2-firewall-3.1.4/package/yast2-firewall.changes 2016-01-14 12:59:33.000000000 +0100 +++ new/yast2-firewall-3.1.5/package/yast2-firewall.changes 2016-05-25 15:17:33.000000000 +0200 @@ -1,4 +1,12 @@ ------------------------------------------------------------------- +Tue May 24 15:26:37 UTC 2016 - mchandras@suse.de + +- Add support for firewalld (fate#318356) + * Bump yast2 dependency to 3.1.191 which is the first version to + support the firewalld backend. +- 3.1.5 + +------------------------------------------------------------------- Fri Nov 13 09:15:40 UTC 2015 - igonzalezsosa@suse.com - fix validation of AutoYaST profiles (bnc#954412) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-3.1.4/package/yast2-firewall.spec new/yast2-firewall-3.1.5/package/yast2-firewall.spec --- old/yast2-firewall-3.1.4/package/yast2-firewall.spec 2016-01-14 12:59:33.000000000 +0100 +++ new/yast2-firewall-3.1.5/package/yast2-firewall.spec 2016-05-25 15:17:33.000000000 +0200 @@ -17,7 +17,7 @@ Name: yast2-firewall -Version: 3.1.4 +Version: 3.1.5 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build 
@@ -30,8 +30,8 @@ # IP::CheckNetwork BuildRequires: yast2 >= 2.23.25 -# IP::CheckNetwork -Requires: yast2 >= 2.23.25 +# FirewallD backend +Requires: yast2 >= 3.1.191 # ButtonBox widget Conflicts: yast2-ycp-ui-bindings < 2.17.3 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-3.1.4/src/clients/firewall.rb new/yast2-firewall-3.1.5/src/clients/firewall.rb --- old/yast2-firewall-3.1.4/src/clients/firewall.rb 2016-01-14 12:59:33.000000000 +0100 +++ new/yast2-firewall-3.1.5/src/clients/firewall.rb 2016-05-25 15:17:33.000000000 +0200 @@ -30,6 +30,9 @@ # $Id$ # # File includes helps for yast2-firewall dialogs. +# +require "network/susefirewalld" + module Yast class FirewallClient < Client def main 
@@ -57,11 +60,27 @@ SuSEFirewallCMDLine.Run # GUI or TextUI else - # installation has other sequence - if Mode.installation - @ret = FirewallInstallationSequence() + # If FirewallD then use it's UI + if SuSEFirewall.is_a?(Yast::SuSEFirewalldClass) + # We can't do ncurces. Lets see if the firewalld-config + # is installed + Yast.import "PackageSystem" + Yast.import "UI" + if UI.TextMode() + Yast::Popup.Error(_("Your display can't support the 'firewall-config' UI.\n") + + _("Either use the Yast2 command line or the 'firewall-cmd' utility.") ) + return false + end + if PackageSystem.CheckAndInstallPackages(["firewall-config"]) + @ret = SCR.Execute(Yast::Path.new(".target.bash"), "/usr/bin/firewall-config") + end else - @ret = FirewallSequence() + # installation has other sequence + if Mode.installation + @ret = FirewallInstallationSequence() + else + @ret = FirewallSequence() + end end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-3.1.4/src/modules/SuSEFirewallCMDLine.rb new/yast2-firewall-3.1.5/src/modules/SuSEFirewallCMDLine.rb --- old/yast2-firewall-3.1.4/src/modules/SuSEFirewallCMDLine.rb 2016-01-14 12:59:33.000000000 +0100 +++ new/yast2-firewall-3.1.5/src/modules/SuSEFirewallCMDLine.rb 2016-05-25 15:17:33.000000000 +0200 @@ -30,6 +30,7 @@ # # $Id$ require "yast" +require "network/susefirewalld" module Yast class SuSEFirewallCMDLineClass < Module @@ -376,6 +377,9 @@ "disable" => [] } } + + ConfigureFirewalld() + end # Returns list of strings made from the comma-separated string got as param. 
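Review bot: In the `@@ -57,11 +60,27 @@` hunk of src/clients/firewall.rb, `@ret` is never assigned when `PackageSystem.CheckAndInstallPackages(["firewall-config"])` returns false. On success it holds whatever `SCR.Execute` on `.target.bash` returns, not a result from `FirewallSequence()` or `FirewallInstallationSequence()`. I would add an `else` arm such as `@ret = :abort` and map the exit status explicitly; this assumes the sequences return symbols, which the hunk does not show. The text-mode `return false` leaves `main` before any code after this hunk runs, so confirm nothing there is required. YaST normally runs as root, so `/usr/bin/firewall-config` is started with the same privileges; a comment stating that this is intended would help the next reviewer.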
@@ -486,7 +490,17 @@ # TRANSLATORS: CommandLine header CommandLine.Print(String.UnderlinedHeader(_("Summary:"), 0)) CommandLine.Print("") - CommandLine.Print(InitBoxSummary(for_zones)) + if firewalld? + if for_zones.empty? + CommandLine.Print(SuSEFirewall.fwd_api.list_all_zones.join("\n")) + else + for_zones.each do |zone| + CommandLine.Print(SuSEFirewall.fwd_api.list_all_zone(zone).join("\n")) + end + end + else + CommandLine.Print(InitBoxSummary(for_zones)) + end # Do not call Write() false @@ -566,7 +580,6 @@ CommandLine.Print("") table_items = [] - special_interfaces = {} Builtins.foreach(SuSEFirewall.GetKnownFirewallZones) do |zone| # for_zone defined but it is not current zone next if for_zone != nil && for_zone != zone @@ -1534,6 +1547,22 @@ # @return [Boolean] whether write call is needed def FWCMDMasquerade(options) options = deep_copy(options) + zone = nil + if firewalld? + if options["zone"] + zone = options["zone"].downcase + if !SuSEFirewall.IsKnownZone(zone) + # TRANSLATORS: CommandLine error, %1 is zone + CommandLine.Error(Builtins.sformat(_("Unknown zone %1."), zone)) + return false + end + else + # TRANSLATORS: CommandLine error + CommandLine.Error("Mandatory 'zone' parameter is missing") + return false + end + end + if Ops.get(options, "show") != nil CommandLine.Print("") # TRANSLATORS: CommandLine header 
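Review bot: In the `@@ -486,7 +490,17 @@` hunk, each entry of `for_zones` is passed to `SuSEFirewall.fwd_api.list_all_zone(zone)` without the `SuSEFirewall.IsKnownZone` check that the new firewalld code in `FWCMDMasquerade` applies to its `zone` option. `for_zones` appears to come from command-line options, and if `fwd_api` ends up invoking firewall-cmd (not visible here) the name should be validated first, e.g. `next unless SuSEFirewall.IsKnownZone(zone)` preceded by a `CommandLine.Error` for the rejected name. The enclosing function begins before the hunk, so validation may already happen there; if so, a one-line comment saying that would settle it.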
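Review bot: In the `@@ -1534,6 +1547,22 @@` hunk of `FWCMDMasquerade`, the message `"Mandatory 'zone' parameter is missing"` has a TRANSLATORS comment but is not wrapped in `_()`, so it will not be translated, unlike `_("Unknown zone %1.")` a few lines above. Use `CommandLine.Error(_("Mandatory 'zone' parameter is missing"))`. The zone is lower-cased before `IsKnownZone`, and the error prints the lower-cased value rather than what the user typed, which makes the rejection harder to trace. The method body continues outside the hunk.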
@@ -1541,23 +1570,30 @@ String.UnderlinedHeader(_("Masquerading Settings:"), 0) ) CommandLine.Print("") + + # TRANSLATORS: CommandLine informative text, either "everywhere" or + # "in the %1 zone" where %1 is zone name. + zone_msg = zone == nil ? _("everywhere") : + Builtins.sformat(_("in the %1 zone"), zone) + CommandLine.Print( Builtins.sformat( # TRANSLATORS: CommandLine informative text, %1 is "enabled" or "disabled" - _("Masquerading is %1"), - SuSEFirewall.GetMasquerade == true ? + # %2 is previously mentioned zone_msg + _("Masquerading is %1 %2"), + SuSEFirewall.GetMasquerade(zone) == true ? # TRANSLATORS: CommandLine masquerade status _("enabled") : # TRANSLATORS: CommandLine masquerade status - _("disabled") + _("disabled"), zone_msg ) ) CommandLine.Print("") return false elsif Ops.get(options, "enable") != nil - SuSEFirewall.SetMasquerade(true) + SuSEFirewall.SetMasquerade(true, zone) elsif Ops.get(options, "disable") != nil - SuSEFirewall.SetMasquerade(false) + SuSEFirewall.SetMasquerade(false, zone) end nil 
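Review bot: `SuSEFirewall.GetMasquerade(zone)`, `SuSEFirewall.SetMasquerade(true, zone)` and `SetMasquerade(false, zone)` now pass the extra argument for every backend, and `zone` is nil whenever `firewalld?` is false. That only works if the SuSEfirewall2 backend in the required yast2 version accepts and ignores a nil zone, which this diff does not show. A comment such as `# zone is nil for the SuSEfirewall2 backend, which ignores it` would record that dependency. Separately, `_("Masquerading is %1 %2")` is assembled from the translated fragments `_("everywhere")` and `_("in the %1 zone")`, which translators cannot reorder or inflect; one complete sentence per case would translate better. `FWCMDMasquerade` starts outside this hunk.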
@@ -1599,6 +1635,38 @@ nil end + private + # Returns true if FirewallD is the running backend + def firewalld? + SuSEFirewall.is_a?(Yast::SuSEFirewalldClass) + end + + def ConfigureFirewalld + return unless firewalld? + + # Actions not supported by FirewallD + firewalld_disabled = ["broadcast", "masqredirect"] + + firewalld_disabled.each do |opt| + @cmdline["actions"].delete(opt) + @cmdline["mappings"].delete(opt) + end + + @cmdline["actions"]["masquerade"]["example"] << "masquerade zone=public enable" + @cmdline["mappings"]["masquerade"] << "zone" + + # protection from internal zone does not apply to FirewallD + @cmdline["actions"]["services"]["example"] = [ + "services show detailed", + "services add service=service:dhcp-server zone=EXT", + "services remove ipprotocol=esp tcpport=12,13,ipp zone=DMZ" + ] + # Remove unsupported options for FirewallD + @cmdline["mappings"]["services"].delete("rpcport") + @cmdline["mappings"]["services"].delete("protect") + + end + publish :function => :Run, :type => "void ()" end
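Review bot: The firewalld help examples set in `ConfigureFirewalld` still use `zone=EXT` and `zone=DMZ`, while the masquerade example added just above them uses `zone=public` and `FWCMDMasquerade` lower-cases the zone before calling `IsKnownZone`. Those look like SuSEfirewall2 zone names, so a user copying them against firewalld would probably be rejected; use firewalld names such as `zone=external` and `zone=dmz`. `@cmdline["actions"]["masquerade"]["example"] << ...` also assumes that entry is an Array. If it is a String, the new example is appended to the existing text, so confirm the type in the definition outside this hunk. `ConfigureFirewalld` has no doc comment describing which `@cmdline` actions and mappings it removes or rewrites.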