X7ROOT File Manager
Current Path:
/usr/bin
usr
/
bin
/
📁
..
📄
2to3
(106 B)
📄
2to3-3.6
(106 B)
📄
GET
(15.84 KB)
📄
HEAD
(15.84 KB)
📄
Magick-config
(1.43 KB)
📄
MagickCore-config
(1.56 KB)
📄
MagickWand-config
(1.56 KB)
📄
Mail
(408.89 KB)
📄
POST
(15.84 KB)
📄
Wand-config
(1.42 KB)
📄
[
(53.67 KB)
📄
ab
(72.63 KB)
📄
ac
(33.07 KB)
📄
aclocal
(35.62 KB)
📄
aclocal-1.16
(35.62 KB)
📄
acyclic
(12.41 KB)
📄
addr2line
(33.41 KB)
📄
agentxtrap
(24.53 KB)
📄
alias
(29 B)
📄
alt-mysql-reconfigure
(21.16 KB)
📄
alt-php-mysql-reconfigure
(21.16 KB)
📄
alt-php-mysql-reconfigure.py
(21.16 KB)
📄
animate
(11.84 KB)
📄
apropos
(54.04 KB)
📄
ar
(61.96 KB)
📄
arch
(37.41 KB)
📄
aria_chk
(4.53 MB)
📄
aria_dump_log
(4.33 MB)
📄
aria_ftdump
(4.34 MB)
📄
aria_pack
(4.37 MB)
📄
aria_read_log
(4.49 MB)
📄
arpaname
(11.82 KB)
📄
as
(889.91 KB)
📄
aspell
(159.5 KB)
📄
at
(57.33 KB)
📄
atop
(284.66 KB)
📄
atopconvert
(24.66 KB)
📄
atopd
(922 B)
📄
atopsar
(284.66 KB)
📄
atq
(57.33 KB)
📄
atrm
(57.33 KB)
📄
attr
(13.06 KB)
📄
aulast
(20.58 KB)
📄
aulastlog
(12.44 KB)
📄
ausyscall
(12.27 KB)
📄
authselect
(41.13 KB)
📄
autoconf
(14.42 KB)
📄
autoheader
(8.33 KB)
📄
autom4te
(31.43 KB)
📄
automake
(251.9 KB)
📄
automake-1.16
(251.9 KB)
📄
autopoint
(25.95 KB)
📄
autoreconf
(20.57 KB)
📄
autoscan
(16.72 KB)
📄
autoupdate
(33.08 KB)
📄
auvirt
(32.73 KB)
📄
awk
(669.77 KB)
📄
b2sum
(57.76 KB)
📄
base32
(41.55 KB)
📄
base64
(41.56 KB)
📄
basename
(37.49 KB)
📄
bash
(1.1 MB)
📄
bashbug
(7.18 KB)
📄
bashbug-64
(7.18 KB)
📄
batch
(137 B)
📄
bc
(94.98 KB)
📄
bcomps
(20.62 KB)
📄
bdftopcf
(45.4 KB)
📄
bg
(26 B)
📄
bind9-config
(3.33 KB)
📄
bison
(437.72 KB)
📄
blkiomon
(25.7 KB)
📄
blkparse
(51.39 KB)
📄
blkrawverify
(16.4 KB)
📄
blktrace
(43.07 KB)
📄
bno_plot.py
(3.47 KB)
📄
bond2team
(22.74 KB)
📄
bootctl
(45.15 KB)
📄
brotli
(739.2 KB)
📄
btrace
(891 B)
📄
btrecord
(17.39 KB)
📄
btreplay
(29.72 KB)
📄
btt
(80.84 KB)
📄
bunzip2
(36.86 KB)
📄
busctl
(77.26 KB)
📄
bzcat
(36.86 KB)
📄
bzcmp
(2.08 KB)
📄
bzdiff
(2.08 KB)
📄
bzegrep
(1.64 KB)
📄
bzfgrep
(1.64 KB)
📄
bzgrep
(1.64 KB)
📄
bzip2
(36.86 KB)
📄
bzip2recover
(16.44 KB)
📄
bzless
(1.23 KB)
📄
bzmore
(1.23 KB)
📄
c++
(1.21 MB)
📄
c++filt
(28.89 KB)
📄
c89
(224 B)
📄
c99
(215 B)
📄
ca-legacy
(1.61 KB)
📄
cairo-sphinx
(69.71 KB)
📄
cal
(65.98 KB)
📄
captoinfo
(85.31 KB)
📄
cat
(37.54 KB)
📄
catchsegv
(3.21 KB)
📄
catman
(41.45 KB)
📄
cc
(1.21 MB)
📄
ccomps
(24.72 KB)
📄
cd
(26 B)
📄
centrino-decode
(11.27 KB)
📄
certutil
(195.26 KB)
📄
chacl
(16.36 KB)
📄
chage
(77.68 KB)
📄
chardetect
(400 B)
📄
chattr
(16.41 KB)
📄
chcon
(70.43 KB)
📄
chfn
(32.89 KB)
📄
chgrp
(66.35 KB)
📄
chmem
(45.47 KB)
📄
chmod
(62.29 KB)
📄
chown
(70.39 KB)
📄
chronyc
(127.6 KB)
📄
chrt
(37.18 KB)
📄
chsh
(24.71 KB)
📄
chvt
(12.53 KB)
📄
cifsiostat
(41.35 KB)
📄
circo
(12.26 KB)
📄
cksum
(37.46 KB)
📄
cl-linksafe-reconfigure
(4.83 KB)
📄
clear
(12.54 KB)
📄
cluster
(518.33 KB)
📄
cmp
(103.76 KB)
📄
cmsutil
(118.27 KB)
📄
col
(29 KB)
📄
colcrt
(16.48 KB)
📄
colrm
(24.88 KB)
📄
column
(49.47 KB)
📄
comm
(41.63 KB)
📄
command
(31 B)
📄
compare
(11.85 KB)
📄
compile_et
(1.31 KB)
📄
composite
(11.84 KB)
📄
config_data
(6.97 KB)
📄
conjure
(11.84 KB)
📄
convert
(11.84 KB)
📄
coredumpctl
(44.91 KB)
📄
corelist
(14.64 KB)
📄
cp
(148.05 KB)
📄
cpan
(8.17 KB)
📄
cpan-mirrors
(4.19 KB)
📄
cpapi1
(3.18 MB)
📄
cpapi2
(3.18 MB)
📄
cpapi3
(3.18 MB)
📄
cpio
(159.8 KB)
📄
cpp
(1.21 MB)
📄
cpupower
(66.91 KB)
📄
crb
(2.58 KB)
📄
crc32
(1.02 KB)
📄
crlutil
(134.74 KB)
📄
cronnext
(49.8 KB)
📄
crontab
(61.67 KB)
📄
csplit
(53.76 KB)
📄
csslint-0.6
(24.56 KB)
📄
curl
(230.09 KB)
📄
cut
(49.59 KB)
📄
cvtsudoers
(284.13 KB)
📄
cxpm
(29.11 KB)
📄
date
(106.03 KB)
📄
db_archive
(12.45 KB)
📄
db_checkpoint
(16.48 KB)
📄
db_deadlock
(16.48 KB)
📄
db_dump
(16.51 KB)
📄
db_dump185
(69.55 KB)
📄
db_hotbackup
(20.49 KB)
📄
db_load
(28.61 KB)
📄
db_log_verify
(16.52 KB)
📄
db_printlog
(33.4 KB)
📄
db_recover
(16.51 KB)
📄
db_replicate
(16.49 KB)
📄
db_stat
(16.48 KB)
📄
db_tuner
(24.55 KB)
📄
db_upgrade
(12.45 KB)
📄
db_verify
(16.46 KB)
📄
dbilogstrip
(1.35 KB)
📄
dbiprof
(6.06 KB)
📄
dbus-binding-tool
(110.43 KB)
📄
dbus-cleanup-sockets
(16.38 KB)
📄
dbus-daemon
(239.76 KB)
📄
dbus-monitor
(28.63 KB)
📄
dbus-run-session
(15.95 KB)
📄
dbus-send
(28.6 KB)
📄
dbus-test-tool
(24.66 KB)
📄
dbus-update-activation-environment
(16.47 KB)
📄
dbus-uuidgen
(12.37 KB)
📄
dc
(53.02 KB)
📄
dd
(78.05 KB)
📄
deallocvt
(12.54 KB)
📄
debuginfo-install
(3.62 KB)
📄
debuginfod-find
(16.47 KB)
📄
delv
(42.46 KB)
📄
desktop-file-edit
(95.45 KB)
📄
desktop-file-install
(95.45 KB)
📄
desktop-file-validate
(83.61 KB)
📄
df
(91.16 KB)
📄
diff
(268.01 KB)
📄
diff3
(128.6 KB)
📄
diffimg
(12.27 KB)
📄
dig
(162.19 KB)
📄
dijkstra
(16.71 KB)
📄
dir
(139.97 KB)
📄
dircolors
(49.63 KB)
📄
dirmngr
(580.16 KB)
📄
dirmngr-client
(120.12 KB)
📄
dirname
(33.44 KB)
📄
display
(11.84 KB)
📄
dltest
(13.05 KB)
📄
dmesg
(77.88 KB)
📄
dnf
(2.05 KB)
📄
dnf-3
(2.05 KB)
📄
dnsdomainname
(21.16 KB)
📄
dnstap-read
(20.43 KB)
📄
domainname
(21.16 KB)
📄
dos2unix
(58.54 KB)
📄
dot
(12.26 KB)
📄
dot2gxl
(41.3 KB)
📄
dotty
(2.04 KB)
📄
doveadm
(983.31 KB)
📄
doveconf
(228.41 KB)
📄
dovecot-sysreport
(5.8 KB)
📄
dpkg
(316.17 KB)
📄
dpkg-deb
(165.5 KB)
📄
dpkg-divert
(157.75 KB)
📄
dpkg-maintscript-helper
(20.67 KB)
📄
dpkg-query
(165.84 KB)
📄
dpkg-realpath
(4.05 KB)
📄
dpkg-split
(132.39 KB)
📄
dpkg-statoverride
(66.41 KB)
📄
dpkg-trigger
(87.66 KB)
📄
dracut
(67.56 KB)
📄
dsync
(983.31 KB)
📄
dtrace
(17.39 KB)
📄
du
(107.1 KB)
📄
dumpkeys
(169.88 KB)
📄
dumpsexp
(16.43 KB)
📄
dwp
(2.13 MB)
📄
dwz
(167.64 KB)
📄
ea-php74
(6.09 MB)
📄
ea-php74-pear
(383 B)
📄
ea-php74-pecl
(299 B)
📄
ea-php80
(7.61 MB)
📄
ea-php80-pear
(383 B)
📄
ea-php80-pecl
(299 B)
📄
ea-php81
(7.72 MB)
📄
ea-php81-pear
(383 B)
📄
ea-php81-pecl
(299 B)
📄
ea-php82
(7.77 MB)
📄
ea-php82-pear
(383 B)
📄
ea-php82-pecl
(299 B)
📄
easy_install-2
(234 B)
📄
easy_install-2.7
(234 B)
📄
easy_install-3
(246 B)
📄
easy_install-3.6
(246 B)
📄
echo
(37.43 KB)
📄
ed
(57.28 KB)
📄
edgepaint
(420.79 KB)
📄
egrep
(28 B)
📄
eject
(57.78 KB)
📄
elfedit
(33.3 KB)
📄
elinks
(1.55 MB)
📄
enc2xs
(40.97 KB)
📄
encguess
(2.91 KB)
📄
enchant
(21.08 KB)
📄
enchant-2
(20.25 KB)
📄
enchant-lsmod
(13.09 KB)
📄
enchant-lsmod-2
(12.35 KB)
📄
env
(41.43 KB)
📄
envml
(4.1 KB)
📄
envsubst
(48.99 KB)
📄
eps2eps
(639 B)
📄
eqn
(232.16 KB)
📄
event_rpcgen.py
(54.26 KB)
📄
evmctl
(62.54 KB)
📄
ex
(1.13 MB)
📄
expand
(41.66 KB)
📄
expr
(49.65 KB)
📄
factor
(86.05 KB)
📄
fallocate
(28.96 KB)
📄
false
(33.39 KB)
📄
fc
(26 B)
📄
fc-cache
(132 B)
📄
fc-cache-64
(20.35 KB)
📄
fc-cat
(16.35 KB)
📄
fc-conflist
(12.25 KB)
📄
fc-list
(12.25 KB)
📄
fc-match
(16.26 KB)
📄
fc-pattern
(12.26 KB)
📄
fc-query
(12.24 KB)
📄
fc-scan
(12.26 KB)
📄
fc-validate
(16.26 KB)
📄
fdp
(12.26 KB)
📄
fg
(26 B)
📄
fgconsole
(12.55 KB)
📄
fgrep
(28 B)
📄
filan
(94.72 KB)
📄
file
(24.68 KB)
📄
fincore
(33.03 KB)
📄
find
(223.3 KB)
📄
find-repos-of-install
(3.62 KB)
📄
findmnt
(70.6 KB)
📄
fips-finish-install
(1.29 KB)
📄
fips-mode-setup
(3.91 KB)
📄
firewall-cmd
(139.6 KB)
📄
firewall-offline-cmd
(120.73 KB)
📄
flex
(428.45 KB)
📄
flex++
(428.45 KB)
📄
flock
(33.2 KB)
📄
fmt
(45.57 KB)
📄
fold
(41.48 KB)
📄
fonttosfnt
(41.18 KB)
📄
fprintd-delete
(77.29 KB)
📄
fprintd-enroll
(85.88 KB)
📄
fprintd-list
(77.27 KB)
📄
fprintd-verify
(81.38 KB)
📄
free
(20.79 KB)
📄
freetype-config
(4.31 KB)
📄
fribidi
(21.14 KB)
📄
ftp
(101.2 KB)
📄
funzip
(36.63 KB)
📄
g++
(1.21 MB)
📄
g13
(212.02 KB)
📄
galera_new_cluster
(917 B)
📄
galera_recovery
(3.29 KB)
📄
gapplication
(20.45 KB)
📄
garb-systemd
(1.2 KB)
📄
garbd
(1.65 MB)
📄
gawk
(669.77 KB)
📄
gc
(16.64 KB)
📄
gcc
(1.21 MB)
📄
gcc-ar
(36.66 KB)
📄
gcc-nm
(36.66 KB)
📄
gcc-ranlib
(36.66 KB)
📄
gcov
(1.31 MB)
📄
gcov-dump
(570.88 KB)
📄
gcov-tool
(607.75 KB)
📄
gdbm_dump
(21.05 KB)
📄
gdbm_load
(25.31 KB)
📄
gdbmtool
(111.57 KB)
📄
gdbus
(48.72 KB)
📄
gdk-pixbuf-query-loaders-64
(15.93 KB)
📄
gdk-pixbuf-thumbnailer
(20.45 KB)
📄
gdlib-config
(2.79 KB)
📄
gencat
(24.84 KB)
📄
genl-ctrl-list
(12.04 KB)
📄
geqn
(232.16 KB)
📄
getconf
(32.46 KB)
📄
getent
(33.13 KB)
📄
getfacl
(25.38 KB)
📄
getfattr
(23.03 KB)
📄
getkeycodes
(12.54 KB)
📄
getopt
(20.52 KB)
📄
getopts
(31 B)
📄
gettext
(48.97 KB)
📄
gettext.sh
(4.52 KB)
📄
gettextize
(42.69 KB)
📄
ghostscript
(12.35 KB)
📄
gio
(85.22 KB)
📄
gio-querymodules-64
(16.3 KB)
📄
git
(26.38 MB)
📄
git-receive-pack
(26.38 MB)
📄
git-shell
(15.79 MB)
📄
git-upload-archive
(26.38 MB)
📄
git-upload-pack
(26.38 MB)
📄
glib-compile-schemas
(48.85 KB)
📄
gmake
(235.32 KB)
📄
gml2gv
(41.23 KB)
📄
gneqn
(908 B)
📄
gnroff
(3.23 KB)
📄
gpasswd
(82.16 KB)
📄
gpg
(1.04 MB)
📄
gpg-agent
(419.29 KB)
📄
gpg-connect-agent
(165.3 KB)
📄
gpg-error
(34.16 KB)
📄
gpg-error-config
(2.26 KB)
📄
gpg-wks-server
(206.69 KB)
📄
gpg-zip
(3.44 KB)
📄
gpg2
(1.04 MB)
📄
gpgconf
(176.09 KB)
📄
gpgme-json
(85.68 KB)
📄
gpgparsemail
(28.74 KB)
📄
gpgrt-config
(2.26 KB)
📄
gpgsm
(514.45 KB)
📄
gpgsplit
(87.02 KB)
📄
gpgv
(451.58 KB)
📄
gpgv2
(451.58 KB)
📄
gpic
(293.84 KB)
📄
gpio-event-mon
(14.96 KB)
📄
gpio-hammer
(14.96 KB)
📄
gprof
(103.36 KB)
📄
gr2fonttest
(29.95 KB)
📄
graphml2gv
(20.65 KB)
📄
grep
(193.63 KB)
📄
groff
(124.92 KB)
📄
grops
(191.14 KB)
📄
grotty
(141.9 KB)
📄
groups
(37.47 KB)
📄
grub2-editenv
(448.09 KB)
📄
grub2-file
(928.48 KB)
📄
grub2-fstest
(1.15 MB)
📄
grub2-glue-efi
(279.35 KB)
📄
grub2-kbdcomp
(1.63 KB)
📄
grub2-menulst2cfg
(262.64 KB)
📄
grub2-mkfont
(312.09 KB)
📄
grub2-mkimage
(431.35 KB)
📄
grub2-mklayout
(285.46 KB)
📄
grub2-mknetdir
(485.73 KB)
📄
grub2-mkpasswd-pbkdf2
(291.84 KB)
📄
grub2-mkrelpath
(279.23 KB)
📄
grub2-mkrescue
(1.12 MB)
📄
grub2-mkstandalone
(594.47 KB)
📄
grub2-render-label
(937.11 KB)
📄
grub2-script-check
(315.96 KB)
📄
grub2-syslinux2cfg
(861.64 KB)
📄
gs
(12.35 KB)
📄
gsettings
(28.61 KB)
📄
gsnd
(277 B)
📄
gsoelim
(42.55 KB)
📄
gss-client
(24.56 KB)
📄
gtar
(448.99 KB)
📄
gtbl
(154.61 KB)
📄
gtk-query-immodules-2.0-64
(16.29 KB)
📄
gtk-update-icon-cache
(33.03 KB)
📄
gtroff
(805.02 KB)
📄
gunzip
(2.29 KB)
📄
gv2gml
(24.7 KB)
📄
gv2gxl
(41.3 KB)
📄
gvcolor
(46.9 KB)
📄
gvgen
(24.8 KB)
📄
gvmap
(526.31 KB)
📄
gvmap.sh
(2.14 KB)
📄
gvpack
(460.59 KB)
📄
gvpr
(7.83 KB)
📄
gxl2dot
(41.3 KB)
📄
gxl2gv
(41.3 KB)
📄
gzexe
(6.23 KB)
📄
gzip
(94.67 KB)
📄
h2ph
(28.69 KB)
📄
h2xs
(59.44 KB)
📄
hash
(28 B)
📄
head
(45.58 KB)
📄
hexdump
(57.5 KB)
📄
hmac256
(16.86 KB)
📄
host
(142.3 KB)
📄
hostid
(33.41 KB)
📄
hostname
(21.16 KB)
📄
hostnamectl
(20.83 KB)
📄
htdbm
(31.72 KB)
📄
htdigest
(21.71 KB)
📄
html2text
(406 B)
📄
htop
(304.73 KB)
📄
htpasswd
(31.55 KB)
📄
httxt2dbm
(21.1 KB)
📄
hunspell
(144.7 KB)
📄
i386
(20.76 KB)
📄
iceauth
(41.87 KB)
📄
iconv
(61.44 KB)
📄
id
(45.52 KB)
📄
identify
(11.84 KB)
📄
idiag-socket-details
(12.09 KB)
📄
idle2
(93 B)
📄
idle2.7
(93 B)
📄
idn
(39.41 KB)
📄
ifnames
(4.03 KB)
📄
iio_event_monitor
(22.98 KB)
📄
iio_generic_buffer
(26.98 KB)
📄
import
(11.84 KB)
📄
imunify-agent-proxy
(6.99 MB)
📄
imunify-antivirus
(1 KB)
📄
imunify-service
(1020 B)
📄
imunify360-agent
(1 KB)
📄
imunify360-command-wrapper
(8.4 KB)
📄
info
(249.89 KB)
📄
infocmp
(61.05 KB)
📄
infotocap
(85.31 KB)
📄
innochecksum
(3.59 MB)
📄
install
(156.25 KB)
📄
instmodsh
(4.1 KB)
📄
intel-speed-select
(93.02 KB)
📄
ionice
(28.98 KB)
📄
iostat
(57.69 KB)
📄
ipcalc
(46.08 KB)
📄
ipcmk
(29.14 KB)
📄
ipcrm
(28.99 KB)
📄
ipcs
(53.39 KB)
📄
isc-config.sh
(3.33 KB)
📄
isosize
(24.88 KB)
📄
ispell
(988 B)
📄
isql
(37.29 KB)
📄
iusql
(29.68 KB)
📄
jobs
(28 B)
📄
join
(53.77 KB)
📄
journalctl
(76.99 KB)
📄
json_pp
(4.19 KB)
📄
json_reformat
(16.55 KB)
📄
json_verify
(12.27 KB)
📄
json_xs
(6.84 KB)
📄
kbd_mode
(12.55 KB)
📄
kbdinfo
(16.56 KB)
📄
kbdrate
(16.45 KB)
📄
kbxutil
(177.32 KB)
📄
kdumpctl
(32.93 KB)
📄
kernel-install
(4.41 KB)
📄
keyctl
(36.82 KB)
📄
kill
(37.27 KB)
📄
killall
(29.77 KB)
📄
kmod
(159.95 KB)
📄
krb5-config
(6.98 KB)
📄
kvm_stat
(60.85 KB)
📄
last
(49.23 KB)
📄
lastb
(49.23 KB)
📄
lastcomm
(37.8 KB)
📄
lastlog
(20.62 KB)
📄
lchfn
(20.35 KB)
📄
lchsh
(16.35 KB)
📄
ld
(1.71 MB)
📄
ld.bfd
(1.71 MB)
📄
ld.gold
(2.35 MB)
📄
ld.so
(1.05 MB)
📄
ldd
(5.31 KB)
📄
lefty
(304.52 KB)
📄
less
(173.76 KB)
📄
lessecho
(12.4 KB)
📄
lesskey
(21.99 KB)
📄
lesspipe.sh
(3.07 KB)
📄
lex
(428.45 KB)
📄
lexgrog
(93.7 KB)
📄
libgcrypt-config
(3.84 KB)
📄
libnetcfg
(15.41 KB)
📄
libpng-config
(2.33 KB)
📄
libpng16-config
(2.33 KB)
📄
libtool
(359.11 KB)
📄
libtoolize
(126.17 KB)
📄
libwmf-fontmap
(13.03 KB)
📄
link
(33.41 KB)
📄
links
(1.55 MB)
📄
linux-boot-prober
(5.85 KB)
📄
linux32
(20.76 KB)
📄
linux64
(20.76 KB)
📄
ln
(70.57 KB)
📄
lnav
(3.57 MB)
📄
lneato
(1.51 KB)
📄
loadkeys
(210.53 KB)
📄
loadunimap
(29.03 KB)
📄
locale
(56.45 KB)
📄
localectl
(28.86 KB)
📄
localedef
(307.47 KB)
📄
locate
(47.41 KB)
📄
logger
(49.98 KB)
📄
login
(40.96 KB)
📄
loginctl
(57.28 KB)
📄
logname
(33.42 KB)
📄
logresolve
(21.45 KB)
📄
look
(16.45 KB)
📄
ls
(139.97 KB)
📄
lsattr
(11.93 KB)
📄
lsblk
(90.13 KB)
📄
lscpu
(81.7 KB)
📄
lsgpio
(15.06 KB)
📄
lsiio
(22.98 KB)
📄
lsinitrd
(8.68 KB)
📄
lsipc
(73.74 KB)
📄
lslocks
(37.53 KB)
📄
lslogins
(65.6 KB)
📄
lsmcli
(954 B)
📄
lsmd
(24.88 KB)
📄
lsmem
(45.34 KB)
📄
lsns
(49.28 KB)
📄
lsof
(175.4 KB)
📄
lsphp
(937 B)
📄
lsscsi
(86.01 KB)
📄
lsusb
(244.14 KB)
📄
lsusb.py
(14.89 KB)
📄
lua
(20.45 KB)
📄
luac
(152.77 KB)
📄
lwp-download
(10.05 KB)
📄
lwp-dump
(2.65 KB)
📄
lwp-mirror
(2.36 KB)
📄
lwp-request
(15.84 KB)
📄
lynx
(1.84 MB)
📄
lzcat
(82.09 KB)
📄
lzcmp
(6.48 KB)
📄
lzdiff
(6.48 KB)
📄
lzegrep
(5.76 KB)
📄
lzfgrep
(5.76 KB)
📄
lzgrep
(5.76 KB)
📄
lzless
(1.76 KB)
📄
lzma
(82.09 KB)
📄
lzmadec
(16.48 KB)
📄
lzmainfo
(12.36 KB)
📄
lzmore
(2.11 KB)
📄
m4
(185.56 KB)
📄
mac2unix
(58.54 KB)
📄
mail
(408.89 KB)
📄
mailx
(408.89 KB)
📄
make
(235.32 KB)
📄
make-dummy-cert
(610 B)
📄
makedb
(24.84 KB)
📄
man
(112.52 KB)
📄
mandb
(134.52 KB)
📄
manpath
(33.42 KB)
📄
mapscrn
(24.84 KB)
📄
mariadb
(4.34 MB)
📄
mariadb-access
(109.34 KB)
📄
mariadb-admin
(3.88 MB)
📄
mariadb-binlog
(4.14 MB)
📄
mariadb-check
(3.88 MB)
📄
mariadb-config
(12.2 KB)
📄
mariadb-conv
(3.59 MB)
📄
mariadb-convert-table-format
(4.12 KB)
📄
mariadb-dump
(3.96 MB)
📄
mariadb-dumpslow
(8.05 KB)
📄
mariadb-embedded
(22.6 MB)
📄
mariadb-find-rows
(3.21 KB)
📄
mariadb-fix-extensions
(1.22 KB)
📄
mariadb-hotcopy
(34.15 KB)
📄
mariadb-import
(3.87 MB)
📄
mariadb-install-db
(22.46 KB)
📄
mariadb-plugin
(3.57 MB)
📄
mariadb-secure-installation
(13.49 KB)
📄
mariadb-service-convert
(2.45 KB)
📄
mariadb-setpermission
(17.56 KB)
📄
mariadb-show
(3.87 MB)
📄
mariadb-slap
(3.89 MB)
📄
mariadb-tzinfo-to-sql
(3.57 MB)
📄
mariadb-upgrade
(4 MB)
📄
mariadb-waitpid
(3.55 MB)
📄
mariadb_config
(12.2 KB)
📄
mariadbd-multi
(26.71 KB)
📄
mariadbd-safe
(30.42 KB)
📄
mariadbd-safe-helper
(3.52 MB)
📄
mc
(1.3 MB)
📄
mcdiff
(1.3 MB)
📄
mcedit
(1.3 MB)
📄
mcookie
(33.26 KB)
📄
mcpp
(9.02 KB)
📄
mcview
(1.3 MB)
📄
md5sum
(45.62 KB)
📄
mdig
(48.52 KB)
📄
memstrack
(83.78 KB)
📄
mesg
(16.36 KB)
📄
mkdir
(82.79 KB)
📄
mkfifo
(66.56 KB)
📄
mkfontdir
(65 B)
📄
mkfontscale
(41.59 KB)
📄
mkinitrd
(6.43 KB)
📄
mknod
(70.55 KB)
📄
mktemp
(45.73 KB)
📄
mm2gv
(90.53 KB)
📄
mmdblookup
(16.74 KB)
📄
modulecmd
(384.75 KB)
📄
modulemd-validator
(24.96 KB)
📄
modutil
(177.2 KB)
📄
mogrify
(11.84 KB)
📄
montage
(11.84 KB)
📄
more
(44.94 KB)
📄
mount
(49.15 KB)
📄
mountpoint
(16.48 KB)
📄
mpicalc
(20.38 KB)
📄
mpstat
(53.51 KB)
📄
msgattrib
(25.58 KB)
📄
msgcat
(25.55 KB)
📄
msgcmp
(26.12 KB)
📄
msgcomm
(25.55 KB)
📄
msgconv
(21.55 KB)
📄
msgen
(21.55 KB)
📄
msgexec
(21.55 KB)
📄
msgfilter
(34.53 KB)
📄
msgfmt
(90.3 KB)
📄
msgfmt2.7.py
(6.33 KB)
📄
msgfmt2.py
(6.33 KB)
📄
msggrep
(43.6 KB)
📄
msginit
(67.85 KB)
📄
msgmerge
(71.48 KB)
📄
msgunfmt
(35.8 KB)
📄
msguniq
(25.56 KB)
📄
msql2mysql
(1.41 KB)
📄
multitail
(329.2 KB)
📄
mv
(144.03 KB)
📄
my_print_defaults
(3.56 MB)
📄
myisam_ftdump
(3.89 MB)
📄
myisamchk
(4.01 MB)
📄
myisamlog
(3.87 MB)
📄
myisampack
(3.91 MB)
📄
mysql
(4.34 MB)
📄
mysql_config
(4.51 KB)
📄
mysql_embedded
(22.6 MB)
📄
mysql_find_rows
(3.21 KB)
📄
mysql_fix_extensions
(1.22 KB)
📄
mysql_install_db
(22.46 KB)
📄
mysql_plugin
(3.57 MB)
📄
mysql_tzinfo_to_sql
(3.57 MB)
📄
mysql_upgrade
(4 MB)
📄
mysql_waitpid
(3.55 MB)
📄
mysqlaccess
(109.34 KB)
📄
mysqladmin
(3.88 MB)
📄
mysqlbinlog
(4.14 MB)
📄
mysqlcheck
(3.88 MB)
📄
mysqld_multi
(26.71 KB)
📄
mysqld_safe
(30.42 KB)
📄
mysqld_safe_helper
(3.52 MB)
📄
mysqldump
(3.96 MB)
📄
mysqlimport
(3.87 MB)
📄
mysqlshow
(3.87 MB)
📄
mysqlslap
(3.89 MB)
📄
mytop
(71.95 KB)
📄
nail
(408.89 KB)
📄
named-rrchecker
(19.88 KB)
📄
namei
(33.1 KB)
📄
nano
(247.94 KB)
📄
nc
(436.87 KB)
📄
ncat
(436.87 KB)
📄
ncdu
(89.88 KB)
📄
ncurses6-config
(5.87 KB)
📄
ncursesw6-config
(5.88 KB)
📄
ndptool
(24.45 KB)
📄
neato
(12.26 KB)
📄
needs-restarting
(3.62 KB)
📄
neqn
(908 B)
📄
net-snmp-create-v3-user
(3.15 KB)
📄
netstat
(158.68 KB)
📄
newgidmap
(47.8 KB)
📄
newgrp
(42.45 KB)
📄
newuidmap
(47.76 KB)
📄
nf-ct-add
(16.46 KB)
📄
nf-ct-events
(12.38 KB)
📄
nf-ct-list
(16.49 KB)
📄
nf-exp-add
(16.87 KB)
📄
nf-exp-delete
(16.66 KB)
📄
nf-exp-list
(16.49 KB)
📄
nf-log
(12.35 KB)
📄
nf-monitor
(12.36 KB)
📄
nf-queue
(16.35 KB)
📄
ngettext
(48.97 KB)
📄
nice
(37.41 KB)
📄
nisdomainname
(21.16 KB)
📄
nl
(45.63 KB)
📄
nl-addr-add
(12.34 KB)
📄
nl-addr-delete
(16.77 KB)
📄
nl-addr-list
(16.88 KB)
📄
nl-class-add
(16.73 KB)
📄
nl-class-delete
(12.63 KB)
📄
nl-class-list
(12.59 KB)
📄
nl-classid-lookup
(12.47 KB)
📄
nl-cls-add
(16.77 KB)
📄
nl-cls-delete
(16.77 KB)
📄
nl-cls-list
(12.73 KB)
📄
nl-fib-lookup
(12.5 KB)
📄
nl-link-enslave
(11.87 KB)
📄
nl-link-ifindex2name
(11.87 KB)
📄
nl-link-list
(12.23 KB)
📄
nl-link-name2ifindex
(11.86 KB)
📄
nl-link-release
(11.86 KB)
📄
nl-link-set
(12.77 KB)
📄
nl-link-stats
(12.59 KB)
📄
nl-list-caches
(12.27 KB)
📄
nl-list-sockets
(11.87 KB)
📄
nl-monitor
(12.52 KB)
📄
nl-neigh-add
(12.63 KB)
📄
nl-neigh-delete
(12.66 KB)
📄
nl-neigh-list
(12.19 KB)
📄
nl-neightbl-list
(12.01 KB)
📄
nl-pktloc-lookup
(12.56 KB)
📄
nl-qdisc-add
(12.65 KB)
📄
nl-qdisc-delete
(12.63 KB)
📄
nl-qdisc-list
(16.74 KB)
📄
nl-route-add
(16.39 KB)
📄
nl-route-delete
(16.88 KB)
📄
nl-route-get
(12.35 KB)
📄
nl-route-list
(16.44 KB)
📄
nl-rule-list
(12.05 KB)
📄
nl-tctree-list
(12.66 KB)
📄
nl-util-addr
(11.85 KB)
📄
nload
(234.35 KB)
📄
nm
(50.38 KB)
📄
nm-online
(20.84 KB)
📄
nmcli
(1009.01 KB)
📄
nmtui
(784.12 KB)
📄
nmtui-connect
(784.12 KB)
📄
nmtui-edit
(784.12 KB)
📄
nmtui-hostname
(784.12 KB)
📄
node
(29.74 MB)
📄
nohup
(37.48 KB)
📄
nop
(12.5 KB)
📄
npm
(2.83 KB)
📄
nproc
(37.48 KB)
📄
npx
(173 B)
📄
nroff
(3.23 KB)
📄
nsenter
(33.3 KB)
📄
nslookup
(146.26 KB)
📄
nss-policy-check
(16.3 KB)
📄
nsupdate
(73.05 KB)
📄
numfmt
(65.71 KB)
📄
objcopy
(240.07 KB)
📄
objdump
(419.76 KB)
📄
od
(73.88 KB)
📄
odbc_config
(13.05 KB)
📄
odbcinst
(37.68 KB)
📄
oddjob_request
(41.24 KB)
📄
open
(20.97 KB)
📄
openssl
(745.95 KB)
📄
openvt
(20.97 KB)
📄
os-prober
(5.78 KB)
📄
osage
(12.26 KB)
📄
p11-kit
(37.15 KB)
📄
package-cleanup
(3.62 KB)
📄
page_owner_sort
(11.34 KB)
📄
pango-list
(11.88 KB)
📄
pango-view
(57.44 KB)
📄
paperconf
(13.07 KB)
📄
passwd
(32.77 KB)
📄
paste
(37.46 KB)
📄
patch
(206.46 KB)
📄
patchwork
(12.26 KB)
📄
pathchk
(37.41 KB)
📄
pathfix.py
(6.63 KB)
📄
pcre2-config
(1.9 KB)
📄
pdf2dsc
(698 B)
📄
pdf2ps
(909 B)
📄
peekfd
(16.51 KB)
📄
perl
(12.43 KB)
📄
perl5.26.3
(12.43 KB)
📄
perlbug
(44.39 KB)
📄
perldoc
(118 B)
📄
perlivp
(10.56 KB)
📄
perlml
(6.86 KB)
📄
perlthanks
(44.39 KB)
📄
perror
(3.75 MB)
📄
pflags
(2.57 KB)
📄
pftp
(101.2 KB)
📄
pgrep
(28.84 KB)
📄
php
(937 B)
📄
pic
(293.84 KB)
📄
piconv
(8.08 KB)
📄
pidof
(16.7 KB)
📄
pidstat
(65.72 KB)
📄
pigz
(125.38 KB)
📄
pinentry
(2.35 KB)
📄
pinentry-curses
(77.89 KB)
📄
pinfo
(109.34 KB)
📄
ping
(66.13 KB)
📄
pinky
(41.53 KB)
📄
pip-2
(206 B)
📄
pip-2.7
(206 B)
📄
pip-3
(209 B)
📄
pip-3.6
(209 B)
📄
pip2
(206 B)
📄
pip2.7
(206 B)
📄
pip3
(209 B)
📄
pip3.6
(209 B)
📄
pk12util
(106.88 KB)
📄
pkaction
(16.38 KB)
📄
pkcheck
(24.43 KB)
📄
pkexec
(28.41 KB)
📄
pkg-config
(40.04 KB)
📄
pkgconf
(40.04 KB)
📄
pkill
(28.84 KB)
📄
pkla-admin-identities
(25.72 KB)
📄
pkla-check-authorization
(33.78 KB)
📄
pkttyagent
(20.38 KB)
📄
pl2pm
(4.43 KB)
📄
pldd
(16.75 KB)
📄
plesk_configure
(342 B)
📄
plymouth
(45.36 KB)
📄
pmap
(32.78 KB)
📄
png-fix-itxt
(13.04 KB)
📄
pngfix
(53.53 KB)
📄
pod2html
(4.04 KB)
📄
pod2man
(14.68 KB)
📄
pod2text
(10.55 KB)
📄
pod2usage
(3.86 KB)
📄
podchecker
(3.57 KB)
📄
podselect
(2.47 KB)
📄
post-grohtml
(238.73 KB)
📄
powernow-k8-decode
(10.88 KB)
📄
pr
(82.23 KB)
📄
pre-grohtml
(130.55 KB)
📄
precat
(5.52 KB)
📄
preconv
(57.65 KB)
📄
preunzip
(5.52 KB)
📄
prezip
(5.52 KB)
📄
prezip-bin
(11.98 KB)
📄
printenv
(33.4 KB)
📄
printf
(53.64 KB)
📄
prlimit
(37.54 KB)
📄
procan
(82.6 KB)
📄
protoc
(16.48 KB)
📄
protoc-c
(244.79 KB)
📄
protoc-gen-c
(244.79 KB)
📄
prove
(13.24 KB)
📄
prtstat
(20.51 KB)
📄
prune
(16.73 KB)
📄
ps
(134.75 KB)
📄
ps2ascii
(631 B)
📄
ps2epsi
(2.69 KB)
📄
ps2pdf
(272 B)
📄
ps2pdf12
(215 B)
📄
ps2pdf13
(215 B)
📄
ps2pdf14
(215 B)
📄
ps2pdfwr
(1.07 KB)
📄
ps2ps
(647 B)
📄
ps2ps2
(669 B)
📄
ps_mem
(17.69 KB)
📄
psfaddtable
(20.66 KB)
📄
psfgettable
(20.66 KB)
📄
psfstriptable
(20.66 KB)
📄
psfxtable
(20.66 KB)
📄
pslog
(12.48 KB)
📄
pstree
(33.53 KB)
📄
pstree.x11
(33.53 KB)
📄
ptar
(3.38 KB)
📄
ptardiff
(2.48 KB)
📄
ptargrep
(4.2 KB)
📄
ptx
(78.07 KB)
📄
pure-pw
(38.83 KB)
📄
pure-pwconvert
(10.72 KB)
📄
pure-statsdecode
(10.72 KB)
📄
pwd
(37.5 KB)
📄
pwdx
(12.68 KB)
📄
pwmake
(12.27 KB)
📄
pwscore
(12.27 KB)
📄
pydoc-3
(89 B)
📄
pydoc2
(78 B)
📄
pydoc2.7
(78 B)
📄
pydoc3
(89 B)
📄
pydoc3.6
(89 B)
📄
pygettext2.7.py
(21.56 KB)
📄
pygettext2.py
(21.56 KB)
📄
pynche2
(138 B)
📄
pynche2.7
(138 B)
📄
python-html2text
(406 B)
📄
python2
(7.84 KB)
📄
python2-config
(1.8 KB)
📄
python2.7
(7.84 KB)
📄
python2.7-config
(1.8 KB)
📄
python3
(11.59 KB)
📄
python3-config
(204 B)
📄
python3-html2text
(406 B)
📄
python3.6
(11.59 KB)
📄
python3.6-config
(204 B)
📄
python3.6m
(11.59 KB)
📄
python3.6m-config
(204 B)
📄
python3.6m-x86_64-config
(3.54 KB)
📄
pyvenv-3
(446 B)
📄
pyvenv-3.6
(446 B)
📄
quota
(91.49 KB)
📄
quotasync
(74.69 KB)
📄
ranlib
(61.98 KB)
📄
raw
(16.49 KB)
📄
read
(28 B)
📄
readelf
(624.54 KB)
📄
readlink
(45.96 KB)
📄
realpath
(50.02 KB)
📄
recode-sr-latin
(17.99 KB)
📄
red
(89 B)
📄
rename
(16.5 KB)
📄
renew-dummy-cert
(725 B)
📄
renice
(16.46 KB)
📄
replace
(3.54 MB)
📄
repo-graph
(3.62 KB)
📄
repoclosure
(3.62 KB)
📄
repodiff
(3.62 KB)
📄
repomanage
(3.62 KB)
📄
repoquery
(3.62 KB)
📄
reposync
(3.62 KB)
📄
repotrack
(3.62 KB)
📄
rescan-scsi-bus.sh
(38.24 KB)
📄
reset
(24.76 KB)
📄
resizecons
(20.77 KB)
📄
resolve_stack_dump
(3.56 MB)
📄
resolvectl
(195.74 KB)
📄
resolveip
(3.56 MB)
📄
rev
(12.45 KB)
📄
rm
(70.47 KB)
📄
rmdir
(45.54 KB)
📄
rnano
(247.94 KB)
📄
rpcbind
(61.55 KB)
📄
rpcinfo
(32.64 KB)
📄
rpm
(20.85 KB)
📄
rpm2archive
(20.46 KB)
📄
rpm2cpio
(11.84 KB)
📄
rpmdb
(16.96 KB)
📄
rpmkeys
(16.87 KB)
📄
rpmquery
(20.85 KB)
📄
rpmverify
(20.85 KB)
📄
rsync
(510.15 KB)
📄
rsyslog-recover-qi.pl
(5.96 KB)
📄
run-parts
(1.94 KB)
📄
run-with-aspell
(85 B)
📄
runcon
(37.45 KB)
📄
rvi
(1.13 MB)
📄
rview
(1.13 MB)
📄
rvim
(2.93 MB)
📄
sadf
(334.57 KB)
📄
sar
(135.77 KB)
📄
sccmap
(20.62 KB)
📄
scl
(36.87 KB)
📄
scl_enabled
(258 B)
📄
scl_source
(1.82 KB)
📄
scp
(102.85 KB)
📄
screen
(482.46 KB)
📄
script
(36.79 KB)
📄
scriptreplay
(28.99 KB)
📄
scsi-rescan
(38.24 KB)
📄
scsi_logging_level
(8.38 KB)
📄
scsi_mandat
(3.52 KB)
📄
scsi_readcap
(1.3 KB)
📄
scsi_ready
(1.09 KB)
📄
scsi_satl
(3.77 KB)
📄
scsi_start
(1.25 KB)
📄
scsi_stop
(1.44 KB)
📄
scsi_temperature
(936 B)
📄
sdiff
(105.33 KB)
📄
secon
(25.46 KB)
📄
secret-tool
(21.17 KB)
📄
sed
(115.48 KB)
📄
semodule_expand
(12.28 KB)
📄
semodule_link
(12.28 KB)
📄
semodule_package
(16.68 KB)
📄
semodule_unpackage
(12.3 KB)
📄
seq
(53.52 KB)
📄
sessreg
(17.38 KB)
📄
setarch
(20.76 KB)
📄
setfacl
(37.65 KB)
📄
setfattr
(23.19 KB)
📄
setfont
(45.19 KB)
📄
setkeycodes
(12.56 KB)
📄
setleds
(16.6 KB)
📄
setmetamode
(12.56 KB)
📄
setpriv
(45.15 KB)
📄
setsid
(16.38 KB)
📄
setterm
(45.12 KB)
📄
setup-nsssysinit
(1.5 KB)
📄
setup-nsssysinit.sh
(1.5 KB)
📄
setvtrgb
(16.64 KB)
📄
sfdp
(12.26 KB)
📄
sftp
(159.74 KB)
📄
sg
(42.45 KB)
📄
sg_bg_ctl
(16.07 KB)
📄
sg_compare_and_write
(20.9 KB)
📄
sg_copy_results
(20.81 KB)
📄
sg_dd
(44.58 KB)
📄
sg_decode_sense
(20.33 KB)
📄
sg_emc_trespass
(12.26 KB)
📄
sg_format
(33.37 KB)
📄
sg_get_config
(33.31 KB)
📄
sg_get_lba_status
(20.46 KB)
📄
sg_ident
(16.17 KB)
📄
sg_inq
(117.91 KB)
📄
sg_logs
(150.02 KB)
📄
sg_luns
(24.85 KB)
📄
sg_map
(16.41 KB)
📄
sg_map26
(24.87 KB)
📄
sg_modes
(43.88 KB)
📄
sg_opcodes
(28.69 KB)
📄
sg_persist
(34.13 KB)
📄
sg_prevent
(12.07 KB)
📄
sg_raw
(24.38 KB)
📄
sg_rbuf
(20.84 KB)
📄
sg_rdac
(15.88 KB)
📄
sg_read
(24.41 KB)
📄
sg_read_attr
(34.79 KB)
📄
sg_read_block_limits
(12.12 KB)
📄
sg_read_buffer
(20.96 KB)
📄
sg_read_long
(16.27 KB)
📄
sg_readcap
(20.86 KB)
📄
sg_reassign
(16.22 KB)
📄
sg_referrals
(16.23 KB)
📄
sg_rep_zones
(20.66 KB)
📄
sg_requests
(16.3 KB)
📄
sg_reset
(16.73 KB)
📄
sg_reset_wp
(16.17 KB)
📄
sg_rmsn
(12.06 KB)
📄
sg_rtpg
(16.16 KB)
📄
sg_safte
(20.27 KB)
📄
sg_sanitize
(24.58 KB)
📄
sg_sat_identify
(16.71 KB)
📄
sg_sat_phy_event
(20.59 KB)
📄
sg_sat_read_gplog
(16.3 KB)
📄
sg_sat_set_features
(16.27 KB)
📄
sg_scan
(16.5 KB)
📄
sg_seek
(16.85 KB)
📄
sg_senddiag
(25.27 KB)
📄
sg_ses
(118.23 KB)
📄
sg_ses_microcode
(29.48 KB)
📄
sg_start
(20.93 KB)
📄
sg_stpg
(20.3 KB)
📄
sg_stream_ctl
(20.27 KB)
📄
sg_sync
(16.22 KB)
📄
sg_test_rwbuf
(20.73 KB)
📄
sg_timestamp
(20.74 KB)
📄
sg_turs
(16.74 KB)
📄
sg_unmap
(24.32 KB)
📄
sg_verify
(20.46 KB)
📄
sg_vpd
(108.75 KB)
📄
sg_wr_mode
(20.3 KB)
📄
sg_write_buffer
(21.24 KB)
📄
sg_write_long
(16.33 KB)
📄
sg_write_same
(24.48 KB)
📄
sg_write_verify
(20.78 KB)
📄
sg_write_x
(53.75 KB)
📄
sg_xcopy
(40.59 KB)
📄
sg_zone
(16.3 KB)
📄
sginfo
(74.85 KB)
📄
sgm_dd
(32.55 KB)
📄
sgp_dd
(36.95 KB)
📄
sh
(1.1 MB)
📄
sha1hmac
(32.66 KB)
📄
sha1sum
(45.63 KB)
📄
sha224hmac
(32.66 KB)
📄
sha224sum
(45.66 KB)
📄
sha256hmac
(32.66 KB)
📄
sha256sum
(45.66 KB)
📄
sha384hmac
(32.66 KB)
📄
sha384sum
(45.66 KB)
📄
sha512hmac
(32.66 KB)
📄
sha512sum
(45.66 KB)
📄
shasum
(9.66 KB)
📄
showconsolefont
(20.73 KB)
📄
showkey
(16.58 KB)
📄
showrgb
(13.05 KB)
📄
shred
(61.94 KB)
📄
shuf
(58.16 KB)
📄
signver
(110.59 KB)
📄
sim_client
(16.28 KB)
📄
sim_lsmplugin
(1.22 KB)
📄
simc_lsmplugin
(114.45 KB)
📄
size
(33.25 KB)
📄
skill
(28.8 KB)
📄
slabinfo
(36.15 KB)
📄
slabtop
(20.84 KB)
📄
sleep
(37.47 KB)
📄
slencheck
(13.07 KB)
📄
sm3hmac
(32.66 KB)
📄
smtpd2.7.py
(18.11 KB)
📄
smtpd2.py
(18.11 KB)
📄
snice
(28.8 KB)
📄
snmpconf
(25.44 KB)
📄
socat
(406.49 KB)
📄
soelim
(42.55 KB)
📄
sort
(123.55 KB)
📄
sotruss
(4.18 KB)
📄
spell
(122 B)
📄
splain
(18.7 KB)
📄
split
(58.13 KB)
📄
sprof
(28.67 KB)
📄
sqlite3
(1.28 MB)
📄
ssh
(757.54 KB)
📄
ssh-add
(346.13 KB)
📄
ssh-agent
(325.58 KB)
📄
ssh-copy-id
(10.44 KB)
📄
ssh-keygen
(427.16 KB)
📄
ssh-keyscan
(428.57 KB)
📄
ssltap
(126.29 KB)
📄
sss_ssh_authorizedkeys
(28.79 KB)
📄
sss_ssh_knownhostsproxy
(28.79 KB)
📄
stat
(86.23 KB)
📄
stdbuf
(49.58 KB)
📄
strace
(1.94 MB)
📄
strace-log-merge
(1.78 KB)
📄
stream
(11.83 KB)
📄
strings
(37.43 KB)
📄
strip
(240.09 KB)
📄
stty
(77.68 KB)
📄
su
(48.98 KB)
📄
sudo
(186.52 KB)
📄
sudoedit
(186.52 KB)
📄
sudoreplay
(115.2 KB)
📄
sum
(45.61 KB)
📄
switch_mod_lsapi
(30.99 KB)
📄
sxpm
(28.81 KB)
📄
symlinks
(17.16 KB)
📄
sync
(37.43 KB)
📄
systemctl
(218.45 KB)
📄
systemd-analyze
(1.55 MB)
📄
systemd-ask-password
(12.02 KB)
📄
systemd-cat
(16.03 KB)
📄
systemd-cgls
(16.44 KB)
📄
systemd-cgtop
(32.88 KB)
📄
systemd-delta
(24.45 KB)
📄
systemd-detect-virt
(11.88 KB)
📄
systemd-escape
(16.01 KB)
📄
systemd-firstboot
(36.98 KB)
📄
systemd-hwdb
(28.91 KB)
📄
systemd-inhibit
(16.03 KB)
📄
systemd-machine-id-setup
(24.75 KB)
📄
systemd-mount
(52.63 KB)
📄
systemd-notify
(16.03 KB)
📄
systemd-path
(16.02 KB)
📄
systemd-resolve
(195.74 KB)
📄
systemd-run
(48.94 KB)
📄
systemd-socket-activate
(24.77 KB)
📄
systemd-stdio-bridge
(16.02 KB)
📄
systemd-sysusers
(53.05 KB)
📄
systemd-tmpfiles
(73.29 KB)
📄
systemd-tty-ask-password-agent
(32.82 KB)
📄
systemd-umount
(52.63 KB)
📄
tabs
(16.55 KB)
📄
tac
(41.57 KB)
📄
tail
(74.2 KB)
📄
tapestat
(41.32 KB)
📄
tar
(448.99 KB)
📄
taskset
(37.25 KB)
📄
tbl
(154.61 KB)
📄
tcamgr
(25.13 KB)
📄
tcamttest
(21.16 KB)
📄
tcatest
(57.6 KB)
📄
tcbmgr
(29.1 KB)
📄
tcbmttest
(53.22 KB)
📄
tcbtest
(69.56 KB)
📄
tcfmgr
(25.09 KB)
📄
tcfmttest
(37.2 KB)
📄
tcftest
(45.18 KB)
📄
tchmgr
(25.09 KB)
📄
tchmttest
(49.22 KB)
📄
tchtest
(57.53 KB)
📄
tclsh
(9.04 KB)
📄
tclsh8.6
(9.04 KB)
📄
tcptraceroute
(1.55 KB)
📄
tctmgr
(37.09 KB)
📄
tctmttest
(45.2 KB)
📄
tcttest
(57.19 KB)
📄
tcucodec
(37.08 KB)
📄
tcumttest
(25.16 KB)
📄
tcutest
(73.17 KB)
📄
teamd
(160.52 KB)
📄
teamdctl
(30.37 KB)
📄
teamnl
(20.47 KB)
📄
tee
(41.55 KB)
📄
telnet
(104.88 KB)
📄
test
(53.63 KB)
📄
tic
(85.31 KB)
📄
time
(27.54 KB)
📄
timedatectl
(36.96 KB)
📄
timeout
(41.93 KB)
📄
tload
(16.76 KB)
📄
tmon
(39.63 KB)
📄
tmpwatch
(35.47 KB)
📄
toe
(16.45 KB)
📄
top
(121.7 KB)
📄
touch
(94.02 KB)
📄
tput
(24.8 KB)
📄
tr
(49.7 KB)
📄
tracepath
(20.44 KB)
📄
traceroute
(70.97 KB)
📄
traceroute6
(70.97 KB)
📄
tred
(16.59 KB)
📄
tree
(81.59 KB)
📄
troff
(805.02 KB)
📄
true
(33.4 KB)
📄
truncate
(41.44 KB)
📄
trust
(219.55 KB)
📄
tset
(24.76 KB)
📄
tsort
(41.57 KB)
📄
tty
(33.39 KB)
📄
turbostat
(130.8 KB)
📄
twopi
(12.26 KB)
📄
type
(28 B)
📄
tzselect
(15.01 KB)
📄
uapi
(3.18 MB)
📄
ucs2any
(24.41 KB)
📄
udevadm
(424.59 KB)
📄
ul
(20.58 KB)
📄
ulimit
(30 B)
📄
umask
(29 B)
📄
umount
(32.75 KB)
📄
unalias
(31 B)
📄
uname
(37.41 KB)
📄
uname26
(20.76 KB)
📄
unexpand
(45.68 KB)
📄
unflatten
(16.63 KB)
📄
unicode_start
(2.55 KB)
📄
unicode_stop
(363 B)
📄
uniq
(49.72 KB)
📄
unix2dos
(58.53 KB)
📄
unix2mac
(58.53 KB)
📄
unlink
(33.41 KB)
📄
unlzma
(82.09 KB)
📄
unpigz
(125.38 KB)
📄
unshare
(24.92 KB)
📄
unversioned-python
(157 B)
📄
unxz
(82.09 KB)
📄
unzip
(201.88 KB)
📄
unzipsfx
(101.48 KB)
📄
update-ca-trust
(1.24 KB)
📄
update-crypto-policies
(87 B)
📄
update-desktop-database
(24.55 KB)
📄
update-gtk-immodules
(313 B)
📄
update-mime-database
(57.22 KB)
📄
updatedb
(53.84 KB)
📄
uptime
(12.59 KB)
📄
usb-devices
(4.01 KB)
📄
usbhid-dump
(31.04 KB)
📄
users
(37.47 KB)
📄
usleep
(11.85 KB)
📄
utmpdump
(28.66 KB)
📄
uuclient
(15.88 KB)
📄
uuidgen
(16.37 KB)
📄
uuidparse
(37.13 KB)
📄
vdir
(139.97 KB)
📄
vdo
(5 KB)
📄
vdo-by-dev
(1.83 KB)
📄
vdodmeventd
(62.45 KB)
📄
vdodumpconfig
(536.63 KB)
📄
vdoforcerebuild
(524.27 KB)
📄
vdoformat
(549.13 KB)
📄
vdosetuuid
(536.66 KB)
📄
vdostats
(10.26 KB)
📄
verify_blkparse
(11.87 KB)
📄
vi
(1.13 MB)
📄
view
(1.13 MB)
📄
vim
(2.93 MB)
📄
vimdiff
(2.93 MB)
📄
vimdot
(1.06 KB)
📄
vimtutor
(2.07 KB)
📄
vlock
(20.83 KB)
📄
vmstat
(36.79 KB)
📄
w
(20.75 KB)
📄
wait
(28 B)
📄
wall
(33.05 KB)
📄
watch
(29.19 KB)
📄
watchgnupg
(16.43 KB)
📄
wc
(49.72 KB)
📄
wdctl
(36.98 KB)
📄
wget
(521.41 KB)
📄
whatis
(54.04 KB)
📄
whereis
(29.27 KB)
📄
which
(29.44 KB)
📄
whiptail
(33.09 KB)
📄
who
(53.68 KB)
📄
whoami
(33.41 KB)
📄
wish
(13.05 KB)
📄
wish8.6
(13.05 KB)
📄
wmf2eps
(17.15 KB)
📄
wmf2fig
(17.15 KB)
📄
wmf2gd
(17.14 KB)
📄
wmf2svg
(17.16 KB)
📄
wmf2x
(17.13 KB)
📄
word-list-compress
(11.99 KB)
📄
write
(20.62 KB)
📄
wsrep_sst_backup
(2.39 KB)
📄
wsrep_sst_common
(66.86 KB)
📄
wsrep_sst_mariabackup
(49.47 KB)
📄
wsrep_sst_mysqldump
(8.1 KB)
📄
wsrep_sst_rsync
(29.72 KB)
📄
wsrep_sst_rsync_wan
(29.72 KB)
📄
x86_64
(20.76 KB)
📄
x86_64-redhat-linux-c++
(1.21 MB)
📄
x86_64-redhat-linux-g++
(1.21 MB)
📄
x86_64-redhat-linux-gcc
(1.21 MB)
📄
x86_64-redhat-linux-gcc-8
(1.21 MB)
📄
x86_64-redhat-linux-gnu-pkg-config
(424 B)
📄
x86_energy_perf_policy
(31.95 KB)
📄
xargs
(74.11 KB)
📄
xdg-desktop-icon
(20.61 KB)
📄
xdg-desktop-menu
(43.42 KB)
📄
xdg-email
(26.56 KB)
📄
xdg-icon-resource
(29.89 KB)
📄
xdg-mime
(41.68 KB)
📄
xdg-open
(24.76 KB)
📄
xdg-screensaver
(36.9 KB)
📄
xdg-settings
(37.04 KB)
📄
xgamma
(17.08 KB)
📄
xgettext
(283.88 KB)
📄
xhost
(17.12 KB)
📄
xinput
(63.61 KB)
📄
xkill
(17.1 KB)
📄
xml2-config
(1.71 KB)
📄
xmlcatalog
(20.38 KB)
📄
xmllint
(73.37 KB)
📄
xmlwf
(32.96 KB)
📄
xmodmap
(39.98 KB)
📄
xorg-x11-fonts-update-dirs
(1.29 KB)
📄
xrandr
(65.46 KB)
📄
xrdb
(33.98 KB)
📄
xrefresh
(17.94 KB)
📄
xset
(37.2 KB)
📄
xsetpointer
(13.05 KB)
📄
xsetroot
(21.44 KB)
📄
xslt-config
(2.36 KB)
📄
xsltproc
(28.47 KB)
📄
xstdcmap
(17.68 KB)
📄
xsubpp
(4.96 KB)
📄
xxd
(20.52 KB)
📄
xz
(82.09 KB)
📄
xzcat
(82.09 KB)
📄
xzcmp
(6.48 KB)
📄
xzdec
(16.48 KB)
📄
xzdiff
(6.48 KB)
📄
xzegrep
(5.76 KB)
📄
xzfgrep
(5.76 KB)
📄
xzgrep
(5.76 KB)
📄
xzless
(1.76 KB)
📄
xzmore
(2.11 KB)
📄
yat2m
(33.34 KB)
📄
yes
(33.45 KB)
📄
ypdomainname
(21.16 KB)
📄
yum
(2.05 KB)
📄
yum-builddep
(3.62 KB)
📄
yum-config-manager
(3.62 KB)
📄
yum-debug-dump
(3.62 KB)
📄
yum-debug-restore
(3.62 KB)
📄
yum-groups-manager
(3.62 KB)
📄
yumdownloader
(3.62 KB)
📄
zcat
(1.94 KB)
📄
zcmp
(1.64 KB)
📄
zdiff
(5.74 KB)
📄
zegrep
(29 B)
📄
zfgrep
(29 B)
📄
zforce
(2.03 KB)
📄
zgrep
(7.4 KB)
📄
zip
(229 KB)
📄
zipcloak
(102.91 KB)
📄
zipdetails
(49.39 KB)
📄
zipgrep
(2.88 KB)
📄
zipinfo
(201.88 KB)
📄
zipnote
(97.76 KB)
📄
zipsplit
(97.76 KB)
📄
zless
(2.15 KB)
📄
zmore
(1.8 KB)
📄
znew
(4.45 KB)
📄
zsoelim
(42.55 KB)
Editing: firewall-cmd
#!/usr/libexec/platform-python -s # -*- coding: utf-8 -*- # # Copyright (C) 2009-2016 Red Hat, Inc. # # Authors: # Thomas Woerner <twoerner@redhat.com> # Jiri Popelka <jpopelka@redhat.com> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. # from gi.repository import GObject import sys sys.modules['gobject'] = GObject import argparse import os from firewall.client import FirewallClient, FirewallClientIPSetSettings, \ FirewallClientZoneSettings, FirewallClientServiceSettings, \ FirewallClientIcmpTypeSettings, FirewallClientHelperSettings, \ FirewallClientPolicySettings from firewall.errors import FirewallError from firewall import errors from firewall.functions import joinArgs, splitArgs, getPortRange from firewall.core.fw_nm import nm_is_imported, \ nm_get_connection_of_interface, nm_get_zone_of_connection, \ nm_set_zone_of_connection, nm_get_interfaces_in_zone from firewall.core.io.zone import zone_reader from firewall.core.io.policy import policy_reader from firewall.core.io.service import service_reader from firewall.core.io.ipset import ipset_reader from firewall.core.io.icmptype import icmptype_reader from firewall.core.io.helper import helper_reader from firewall.command import FirewallCommand def __usage(): sys.stdout.write(""" Usage: firewall-cmd [OPTIONS...] General Options -h, --help Prints a short help text and exits -V, --version Print the version string of firewalld -q, --quiet Do not print status messages Status Options --state Return and print firewalld state --reload Reload firewall and keep state information --complete-reload Reload firewall and lose state information --runtime-to-permanent Create permanent from runtime configuration --check-config Check permanent configuration for errors Log Denied Options --get-log-denied Print the log denied value --set-log-denied=<value> Set log denied value Permanent Options --permanent Set an option permanently Usable for options marked with [P] Zone Options --get-default-zone Print default zone for connections and interfaces --set-default-zone=<zone> Set default zone --get-active-zones Print currently active zones --get-zones Print predefined zones [P] --get-services Print predefined services [P] --get-icmptypes Print predefined icmptypes [P] --get-zone-of-interface=<interface> Print name of the zone the interface is bound to [P] --get-zone-of-source=<source>[/<mask>]|<MAC>|ipset:<ipset> Print name of the zone the source is bound to [P] --list-all-zones List everything added for or enabled in all zones [P] --new-zone=<zone> Add a new zone [P only] --new-zone-from-file=<filename> [--name=<zone>] Add a new zone from file with optional name [P only] --delete-zone=<zone> Delete an existing zone [P only] --load-zone-defaults=<zone> Load zone default settings [P only] --zone=<zone> Use this zone to set or query options, else default zone Usable for options marked with [Z] --info-zone=<zone> Print information about a zone --path-zone=<zone> Print file path of a zone [P only] Policy Options --get-policies Print predefined policies --get-active-policies Print currently active policies --list-all-policies List everything added for or enabled in all policies --new-policy=<policy> Add a new empty policy --new-policy-from-file=<filename> [--name=<policy>] Add a new policy from file with optional name override [P only] --delete-policy=<policy> Delete an existing policy --load-policy-defaults=<policy> Load policy default settings --policy=<policy> Use this policy to set or query options Usable for options marked with [O] --info-policy=<policy> Print information about a policy --path-policy=<policy> Print file path of a policy IPSet Options --get-ipset-types Print the supported ipset types --new-ipset=<ipset> --type=<ipset type> [--option=<key>[=<value>]].. Add a new ipset [P only] --new-ipset-from-file=<filename> [--name=<ipset>] Add a new ipset from file with optional name [P only] --delete-ipset=<ipset> Delete an existing ipset [P only] --load-ipset-defaults=<ipset> Load ipset default settings [P only] --info-ipset=<ipset> Print information about an ipset --path-ipset=<ipset> Print file path of an ipset [P only] --get-ipsets Print predefined ipsets --ipset=<ipset> --set-description=<description> Set new description to ipset [P only] --ipset=<ipset> --get-description Print description for ipset [P only] --ipset=<ipset> --set-short=<description> Set new short description to ipset [P only] --ipset=<ipset> --get-short Print short description for ipset [P only] --ipset=<ipset> --add-entry=<entry> Add a new entry to an ipset [P] --ipset=<ipset> --remove-entry=<entry> Remove an entry from an ipset [P] --ipset=<ipset> --query-entry=<entry> Return whether ipset has an entry [P] --ipset=<ipset> --get-entries List entries of an ipset [P] --ipset=<ipset> --add-entries-from-file=<entry> Add a new entries to an ipset [P] --ipset=<ipset> --remove-entries-from-file=<entry> Remove entries from an ipset [P] IcmpType Options --new-icmptype=<icmptype> Add a new icmptype [P only] --new-icmptype-from-file=<filename> [--name=<icmptype>] Add a new icmptype from file with optional name [P only] --delete-icmptype=<icmptype> Delete an existing icmptype [P only] --load-icmptype-defaults=<icmptype> Load icmptype default settings [P only] --info-icmptype=<icmptype> Print information about an icmptype --path-icmptype=<icmptype> Print file path of an icmptype [P only] --icmptype=<icmptype> --set-description=<description> Set new description to icmptype [P only] --icmptype=<icmptype> --get-description Print description for icmptype [P only] --icmptype=<icmptype> --set-short=<description> Set new short description to icmptype [P only] --icmptype=<icmptype> --get-short Print short description for icmptype [P only] --icmptype=<icmptype> --add-destination=<ipv> Enable destination for ipv in icmptype [P only] --icmptype=<icmptype> --remove-destination=<ipv> Disable destination for ipv in icmptype [P only] --icmptype=<icmptype> --query-destination=<ipv> Return whether destination ipv is enabled in icmptype [P only] --icmptype=<icmptype> --get-destinations List destinations in icmptype [P only] Service Options --new-service=<service> Add a new service [P only] --new-service-from-file=<filename> [--name=<service>] Add a new service from file with optional name [P only] --delete-service=<service> Delete an existing service [P only] --load-service-defaults=<service> Load icmptype default settings [P only] --info-service=<service> Print information about a service --path-service=<service> Print file path of a service [P only] --service=<service> --set-description=<description> Set new description to service [P only] --service=<service> --get-description Print description for service [P only] --service=<service> --set-short=<description> Set new short description to service [P only] --service=<service> --get-short Print short description for service [P only] --service=<service> --add-port=<portid>[-<portid>]/<protocol> Add a new port to service [P only] --service=<service> --remove-port=<portid>[-<portid>]/<protocol> Remove a port from service [P only] --service=<service> --query-port=<portid>[-<portid>]/<protocol> Return whether the port has been added for service [P only] --service=<service> --get-ports List ports of service [P only] --service=<service> --add-protocol=<protocol> Add a new protocol to service [P only] --service=<service> --remove-protocol=<protocol> Remove a protocol from service [P only] --service=<service> --query-protocol=<protocol> Return whether the protocol has been added for service [P only] --service=<service> --get-protocols List protocols of service [P only] --service=<service> --add-source-port=<portid>[-<portid>]/<protocol> Add a new source port to service [P only] --service=<service> --remove-source-port=<portid>[-<portid>]/<protocol> Remove a source port from service [P only] --service=<service> --query-source-port=<portid>[-<portid>]/<protocol> Return whether the source port has been added for service [P only] --service=<service> --get-source-ports List source ports of service [P only] --service=<service> --add-helper=<helper> Add a new helper to service [P only] --service=<service> --remove-helper=<helper> Remove a helper from service [P only] --service=<service> --query-helper=<helper> Return whether the helper has been added for service [P only] --service=<service> --get-service-helpers List helpers of service [P only] --service=<service> --set-destination=<ipv>:<address>[/<mask>] Set destination for ipv to address in service [P only] --service=<service> --remove-destination=<ipv> Disable destination for ipv i service [P only] --service=<service> --query-destination=<ipv>:<address>[/<mask>] Return whether destination ipv is set for service [P only] --service=<service> --get-destinations List destinations in service [P only] --service=<service> --add-include=<service> Add a new include to service [P only] --service=<service> --remove-include=<service> Remove a include from service [P only] --service=<service> --query-include=<service> Return whether the include has been added for service [P only] --service=<service> --get-includes List includes of service [P only] Options to Adapt and Query Zones and Policies --list-all List everything added for or enabled [P] [Z] [O] --timeout=<timeval> Enable an option for timeval time, where timeval is a number followed by one of letters 's' or 'm' or 'h' Usable for options marked with [T] --set-description=<description> Set new description [P only] [Z] [O] --get-description Print description [P only] [Z] [O] --get-target Get the target [P only] [Z] [O] --set-target=<target> Set the target [P only] [Z] [O] --set-short=<description> Set new short description [Z] [O] --get-short Print short description [P only] [Z] [O] --list-services List services added [P] [Z] --add-service=<service> Add a service [P] [Z] [O] [T] --remove-service=<service> Remove a service [P] [Z] [O] --query-service=<service> Return whether service has been added [P] [Z] [O] --list-ports List ports added [P] [Z] [O] --add-port=<portid>[-<portid>]/<protocol> Add the port [P] [Z] [O] [T] --remove-port=<portid>[-<portid>]/<protocol> Remove the port [P] [Z] [O] --query-port=<portid>[-<portid>]/<protocol> Return whether the port has been added [P] [Z] [O] --list-protocols List protocols added [P] [Z] [O] --add-protocol=<protocol> Add the protocol [P] [Z] [O] [T] --remove-protocol=<protocol> Remove the protocol [P] [Z] [O] --query-protocol=<protocol> Return whether the protocol has been added [P] [Z] [O] --list-source-ports List source ports added [P] [Z] [O] --add-source-port=<portid>[-<portid>]/<protocol> Add the source port [P] [Z] [O] [T] --remove-source-port=<portid>[-<portid>]/<protocol> Remove the source port [P] [Z] [O] --query-source-port=<portid>[-<portid>]/<protocol> Return whether the source port has been added [P] [Z] [O] --list-icmp-blocks List Internet ICMP type blocks added [P] [Z] [O] --add-icmp-block=<icmptype> Add an ICMP block [P] [Z] [O] [T] --remove-icmp-block=<icmptype> Remove the ICMP block [P] [Z] [O] --query-icmp-block=<icmptype> Return whether an ICMP block has been added [P] [Z] [O] --list-forward-ports List IPv4 forward ports added [P] [Z] [O] --add-forward-port=port=<portid>[-<portid>]:proto=<protocol>[:toport=<portid>[-<portid>]][:toaddr=<address>[/<mask>]] Add the IPv4 forward port [P] [Z] [O] [T] --remove-forward-port=port=<portid>[-<portid>]:proto=<protocol>[:toport=<portid>[-<portid>]][:toaddr=<address>[/<mask>]] Remove the IPv4 forward port [P] [Z] [O] --query-forward-port=port=<portid>[-<portid>]:proto=<protocol>[:toport=<portid>[-<portid>]][:toaddr=<address>[/<mask>]] Return whether the IPv4 forward port has been added [P] [Z] [O] --add-masquerade Enable IPv4 masquerade [P] [Z] [O] [T] --remove-masquerade Disable IPv4 masquerade [P] [Z] [O] --query-masquerade Return whether IPv4 masquerading has been enabled [P] [Z] [O] --list-rich-rules List rich language rules added [P] [Z] [O] --add-rich-rule=<rule> Add rich language rule 'rule' [P] [Z] [O] [T] --remove-rich-rule=<rule> Remove rich language rule 'rule' [P] [Z] [O] --query-rich-rule=<rule> Return whether a rich language rule 'rule' has been added [P] [Z] [O] Options to Adapt and Query Zones --add-icmp-block-inversion Enable inversion of icmp blocks for a zone [P] [Z] --remove-icmp-block-inversion Disable inversion of icmp blocks for a zone [P] [Z] --query-icmp-block-inversion Return whether inversion of icmp blocks has been enabled for a zone [P] [Z] --add-forward Enable forwarding of packets between interfaces and sources in a zone [P] [Z] [T] --remove-forward Disable forwarding of packets between interfaces and sources in a zone [P] [Z] --query-forward Return whether forwarding of packets between interfaces and sources has been enabled for a zone [P] [Z] Options to Adapt and Query Policies --get-priority Get the priority [P only] [O] --set-priority=<priority> Set the priority [P only] [O] --list-ingress-zones List ingress zones that are bound to a policy [P] [O] --add-ingress-zone=<zone> Add the ingress zone to a policy [P] [O] --remove-ingress-zone=<zone> Remove the ingress zone from a policy [P] [O] --query-ingress-zone=<zone> Query whether the ingress zone has been adedd to a policy [P] [O] --list-egress-zones List egress zones that are bound to a policy [P] [O] --add-egress-zone=<zone> Add the egress zone to a policy [P] [O] --remove-egress-zone=<zone> Remove the egress zone from a policy [P] [O] --query-egress-zone=<zone> Query whether the egress zone has been adedd to a policy [P] [O] Options to Handle Bindings of Interfaces --list-interfaces List interfaces that are bound to a zone [P] [Z] --add-interface=<interface> Bind the <interface> to a zone [P] [Z] --change-interface=<interface> Change zone the <interface> is bound to [P] [Z] --query-interface=<interface> Query whether <interface> is bound to a zone [P] [Z] --remove-interface=<interface> Remove binding of <interface> from a zone [P] [Z] Options to Handle Bindings of Sources --list-sources List sources that are bound to a zone [P] [Z] --add-source=<source>[/<mask>]|<MAC>|ipset:<ipset> Bind the source to a zone [P] [Z] --change-source=<source>[/<mask>]|<MAC>|ipset:<ipset> Change zone the source is bound to [Z] --query-source=<source>[/<mask>]|<MAC>|ipset:<ipset> Query whether the source is bound to a zone [P] [Z] --remove-source=<source>[/<mask>]|<MAC>|ipset:<ipset> Remove binding of the source from a zone [P] [Z] Helper Options --new-helper=<helper> --module=<module> [--family=<family>] Add a new helper [P only] --new-helper-from-file=<filename> [--name=<helper>] Add a new helper from file with optional name [P only] --delete-helper=<helper> Delete an existing helper [P only] --load-helper-defaults=<helper> Load helper default settings [P only] --info-helper=<helper> Print information about an helper --path-helper=<helper> Print file path of an helper [P only] --get-helpers Print predefined helpers --helper=<helper> --set-description=<description> Set new description to helper [P only] --helper=<helper> --get-description Print description for helper [P only] --helper=<helper> --set-short=<description> Set new short description to helper [P only] --helper=<helper> --get-short Print short description for helper [P only] --helper=<helper> --add-port=<portid>[-<portid>]/<protocol> Add a new port to helper [P only] --helper=<helper> --remove-port=<portid>[-<portid>]/<protocol> Remove a port from helper [P only] --helper=<helper> --query-port=<portid>[-<portid>]/<protocol> Return whether the port has been added for helper [P only] --helper=<helper> --get-ports List ports of helper [P only] --helper=<helper> --set-module=<module> Set module to helper [P only] --helper=<helper> --get-module Get module from helper [P only] --helper=<helper> --set-family={ipv4|ipv6|} Set family for helper [P only] --helper=<helper> --get-family Get module from helper [P only] Direct Options --direct First option for all direct options --get-all-chains Get all chains [P] --get-chains {ipv4|ipv6|eb} <table> Get all chains added to the table [P] --add-chain {ipv4|ipv6|eb} <table> <chain> Add a new chain to the table [P] --remove-chain {ipv4|ipv6|eb} <table> <chain> Remove the chain from the table [P] --query-chain {ipv4|ipv6|eb} <table> <chain> Return whether the chain has been added to the table [P] --get-all-rules Get all rules [P] --get-rules {ipv4|ipv6|eb} <table> <chain> Get all rules added to chain in table [P] --add-rule {ipv4|ipv6|eb} <table> <chain> <priority> <arg>... Add rule to chain in table [P] --remove-rule {ipv4|ipv6|eb} <table> <chain> <priority> <arg>... Remove rule with priority from chain in table [P] --remove-rules {ipv4|ipv6|eb} <table> <chain> Remove rules from chain in table [P] --query-rule {ipv4|ipv6|eb} <table> <chain> <priority> <arg>... Return whether a rule with priority has been added to chain in table [P] --passthrough {ipv4|ipv6|eb} <arg>... Pass a command through (untracked by firewalld) --get-all-passthroughs Get all tracked passthrough rules [P] --get-passthroughs {ipv4|ipv6|eb} <arg>... Get tracked passthrough rules [P] --add-passthrough {ipv4|ipv6|eb} <arg>... Add a new tracked passthrough rule [P] --remove-passthrough {ipv4|ipv6|eb} <arg>... Remove a tracked passthrough rule [P] --query-passthrough {ipv4|ipv6|eb} <arg>... Return whether the tracked passthrough rule has been added [P] Lockdown Options --lockdown-on Enable lockdown. --lockdown-off Disable lockdown. --query-lockdown Query whether lockdown is enabled Lockdown Whitelist Options --list-lockdown-whitelist-commands List all command lines that are on the whitelist [P] --add-lockdown-whitelist-command=<command> Add the command to the whitelist [P] --remove-lockdown-whitelist-command=<command> Remove the command from the whitelist [P] --query-lockdown-whitelist-command=<command> Query whether the command is on the whitelist [P] --list-lockdown-whitelist-contexts List all contexts that are on the whitelist [P] --add-lockdown-whitelist-context=<context> Add the context context to the whitelist [P] --remove-lockdown-whitelist-context=<context> Remove the context from the whitelist [P] --query-lockdown-whitelist-context=<context> Query whether the context is on the whitelist [P] --list-lockdown-whitelist-uids List all user ids that are on the whitelist [P] --add-lockdown-whitelist-uid=<uid> Add the user id uid to the whitelist [P] --remove-lockdown-whitelist-uid=<uid> Remove the user id uid from the whitelist [P] --query-lockdown-whitelist-uid=<uid> Query whether the user id uid is on the whitelist [P] --list-lockdown-whitelist-users List all user names that are on the whitelist [P] --add-lockdown-whitelist-user=<user> Add the user name user to the whitelist [P] --remove-lockdown-whitelist-user=<user> Remove the user name user from the whitelist [P] --query-lockdown-whitelist-user=<user> Query whether the user name user is on the whitelist [P] Panic Options --panic-on Enable panic mode --panic-off Disable panic mode --query-panic Query whether panic mode is enabled """) def try_set_zone_of_interface(_zone, interface): if nm_is_imported(): try: connection = nm_get_connection_of_interface(interface) except Exception: pass else: if connection is not None: if _zone == nm_get_zone_of_connection(connection): if _zone == "": cmd.print_warning("The interface is under control of NetworkManager and already bound to the default zone") else: cmd.print_warning("The interface is under control of NetworkManager and already bound to '%s'" % _zone) if _zone == "": cmd.print_msg("The interface is under control of NetworkManager, setting zone to default.") else: cmd.print_msg("The interface is under control of NetworkManager, setting zone to '%s'." % _zone) nm_set_zone_of_connection(_zone, connection) return True return False def try_get_zone_of_interface(interface): if nm_is_imported(): try: connection = nm_get_connection_of_interface(interface) except Exception: pass else: if connection is not None: return nm_get_zone_of_connection(connection) return False def try_nm_get_interfaces_in_zone(zone): if nm_is_imported(): try: return nm_get_interfaces_in_zone(zone) except Exception: pass return [] parser = argparse.ArgumentParser(usage="see firewall-cmd man page", add_help=False) parser_group_output = parser.add_mutually_exclusive_group() parser_group_output.add_argument("-v", "--verbose", action="store_true") parser_group_output.add_argument("-q", "--quiet", action="store_true") parser_group_standalone = parser.add_mutually_exclusive_group() parser_group_standalone.add_argument("-h", "--help", action="store_true") parser_group_standalone.add_argument("-V", "--version", action="store_true") parser_group_standalone.add_argument("--state", action="store_true") parser_group_standalone.add_argument("--reload", action="store_true") parser_group_standalone.add_argument("--complete-reload", action="store_true") parser_group_standalone.add_argument("--runtime-to-permanent", action="store_true") parser_group_standalone.add_argument("--check-config", action="store_true") parser_group_standalone.add_argument("--get-ipset-types", action="store_true") parser_group_standalone.add_argument("--get-log-denied", action="store_true") parser_group_standalone.add_argument("--set-log-denied", metavar="<value>") parser_group_standalone.add_argument("--get-automatic-helpers", action="store_true") parser_group_standalone.add_argument("--set-automatic-helpers", metavar="<value>") parser_group_standalone.add_argument("--panic-on", action="store_true") parser_group_standalone.add_argument("--panic-off", action="store_true") parser_group_standalone.add_argument("--query-panic", action="store_true") parser_group_standalone.add_argument("--lockdown-on", action="store_true") parser_group_standalone.add_argument("--lockdown-off", action="store_true") parser_group_standalone.add_argument("--query-lockdown", action="store_true") parser_group_standalone.add_argument("--get-default-zone", action="store_true") parser_group_standalone.add_argument("--set-default-zone", metavar="<zone>") parser_group_standalone.add_argument("--get-zones", action="store_true") parser_group_standalone.add_argument("--get-policies", action="store_true") parser_group_standalone.add_argument("--get-services", action="store_true") parser_group_standalone.add_argument("--get-icmptypes", action="store_true") parser_group_standalone.add_argument("--get-active-zones", action="store_true") parser_group_standalone.add_argument("--get-active-policies", action="store_true") parser_group_standalone.add_argument("--get-zone-of-interface", metavar="<iface>", action='append') parser_group_standalone.add_argument("--get-zone-of-source", metavar="<source>", action='append') parser_group_standalone.add_argument("--list-all-zones", action="store_true") parser_group_standalone.add_argument("--list-all-policies", action="store_true") parser_group_standalone.add_argument("--info-zone", metavar="<zone>") parser_group_standalone.add_argument("--info-policy", metavar="<policy>") parser_group_standalone.add_argument("--info-service", metavar="<service>") parser_group_standalone.add_argument("--info-icmptype", metavar="<icmptype>") parser_group_standalone.add_argument("--info-ipset", metavar="<ipset>") parser_group_standalone.add_argument("--info-helper", metavar="<helper>") parser_group_config = parser.add_mutually_exclusive_group() parser_group_config.add_argument("--new-icmptype", metavar="<icmptype>") parser_group_config.add_argument("--new-icmptype-from-file", metavar="<filename>") parser_group_config.add_argument("--delete-icmptype", metavar="<icmptype>") parser_group_config.add_argument("--load-icmptype-defaults", metavar="<icmptype>") parser_group_config.add_argument("--new-service", metavar="<service>") parser_group_config.add_argument("--new-service-from-file", metavar="<filename>") parser_group_config.add_argument("--delete-service", metavar="<service>") parser_group_config.add_argument("--load-service-defaults", metavar="<service>") parser_group_config.add_argument("--new-zone", metavar="<zone>") parser_group_config.add_argument("--new-zone-from-file", metavar="<filename>") parser_group_config.add_argument("--delete-zone", metavar="<zone>") parser_group_config.add_argument("--load-zone-defaults", metavar="<zone>") parser_group_config.add_argument("--new-policy", metavar="<policy>") parser_group_config.add_argument("--new-policy-from-file", metavar="<filename>") parser_group_config.add_argument("--delete-policy", metavar="<policy>") parser_group_config.add_argument("--load-policy-defaults", metavar="<policy>") parser_group_config.add_argument("--new-ipset", metavar="<ipset>") parser_group_config.add_argument("--new-ipset-from-file", metavar="<filename>") parser_group_config.add_argument("--delete-ipset", metavar="<ipset>") parser_group_config.add_argument("--load-ipset-defaults", metavar="<ipset>") parser_group_config.add_argument("--new-helper", metavar="<helper>") parser_group_config.add_argument("--new-helper-from-file", metavar="<filename>") parser_group_config.add_argument("--delete-helper", metavar="<helper>") parser_group_config.add_argument("--load-helper-defaults", metavar="<helper>") parser_group_config.add_argument("--path-zone", metavar="<zone>") parser_group_config.add_argument("--path-policy", metavar="<policy>") parser_group_config.add_argument("--path-service", metavar="<service>") parser_group_config.add_argument("--path-icmptype", metavar="<icmptype>") parser_group_config.add_argument("--path-ipset", metavar="<ipset>") parser_group_config.add_argument("--path-helper", metavar="<helper>") parser.add_argument("--name", default="", metavar="<name>") parser_group_lockdown_whitelist = parser.add_mutually_exclusive_group() parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-commands", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-command", metavar="<command>", action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-command", metavar="<command>", action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-command", metavar="<command>", action='append') parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-contexts", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-context", metavar="<context>", action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-context", metavar="<context>", action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-context", metavar="<context>", action='append') parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-uids", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-uid", metavar="<uid>", type=int, action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-uid", metavar="<uid>", type=int, action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-uid", metavar="<uid>", type=int, action='append') parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-users", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-user", metavar="<user>", action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-user", metavar="<user>", action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-user", metavar="<user>", action='append') parser.add_argument("--permanent", action="store_true") parser.add_argument("--zone", default="", metavar="<zone>") parser.add_argument("--policy", default="", metavar="<policy>") parser.add_argument("--timeout", default="0", metavar="<seconds>") parser_group_zone_or_policy = parser.add_mutually_exclusive_group() parser_group_zone_or_policy.add_argument("--add-interface", metavar="<iface>", action='append') parser_group_zone_or_policy.add_argument("--remove-interface", metavar="<iface>", action='append') parser_group_zone_or_policy.add_argument("--query-interface", metavar="<iface>", action='append') parser_group_zone_or_policy.add_argument("--change-interface", "--change-zone", metavar="<iface>", action='append') parser_group_zone_or_policy.add_argument("--list-interfaces", action="store_true") parser_group_zone_or_policy.add_argument("--add-source", metavar="<source>", action='append') parser_group_zone_or_policy.add_argument("--remove-source", metavar="<source>", action='append') parser_group_zone_or_policy.add_argument("--query-source", metavar="<source>", action='append') parser_group_zone_or_policy.add_argument("--change-source", metavar="<source>", action='append') parser_group_zone_or_policy.add_argument("--list-sources", action="store_true") parser_group_zone_or_policy.add_argument("--add-ingress-zone", metavar="<zone>", action='append') parser_group_zone_or_policy.add_argument("--remove-ingress-zone", metavar="<zone>", action='append') parser_group_zone_or_policy.add_argument("--query-ingress-zone", metavar="<zone>", action='append') parser_group_zone_or_policy.add_argument("--list-ingress-zones", action="store_true") parser_group_zone_or_policy.add_argument("--add-egress-zone", metavar="<zone>", action='append') parser_group_zone_or_policy.add_argument("--remove-egress-zone", metavar="<zone>", action='append') parser_group_zone_or_policy.add_argument("--query-egress-zone", metavar="<zone>", action='append') parser_group_zone_or_policy.add_argument("--list-egress-zones", action="store_true") parser_group_zone_or_policy.add_argument("--add-rich-rule", metavar="<rule>", action='append') parser_group_zone_or_policy.add_argument("--remove-rich-rule", metavar="<rule>", action='append') parser_group_zone_or_policy.add_argument("--query-rich-rule", metavar="<rule>", action='append') parser_group_zone_or_policy.add_argument("--add-service", metavar="<service>", action='append') parser_group_zone_or_policy.add_argument("--remove-service", metavar="<zone_or_policy>", action='append') parser_group_zone_or_policy.add_argument("--query-service", metavar="<zone_or_policy>", action='append') parser_group_zone_or_policy.add_argument("--add-port", metavar="<port>", action='append') parser_group_zone_or_policy.add_argument("--remove-port", metavar="<port>", action='append') parser_group_zone_or_policy.add_argument("--query-port", metavar="<port>", action='append') parser_group_zone_or_policy.add_argument("--add-protocol", metavar="<protocol>", action='append') parser_group_zone_or_policy.add_argument("--remove-protocol", metavar="<protocol>", action='append') parser_group_zone_or_policy.add_argument("--query-protocol", metavar="<protocol>", action='append') parser_group_zone_or_policy.add_argument("--add-source-port", metavar="<port>", action='append') parser_group_zone_or_policy.add_argument("--remove-source-port", metavar="<port>", action='append') parser_group_zone_or_policy.add_argument("--query-source-port", metavar="<port>", action='append') parser_group_zone_or_policy.add_argument("--add-forward", action="store_true") parser_group_zone_or_policy.add_argument("--remove-forward", action="store_true") parser_group_zone_or_policy.add_argument("--query-forward", action="store_true") parser_group_zone_or_policy.add_argument("--add-masquerade", action="store_true") parser_group_zone_or_policy.add_argument("--remove-masquerade", action="store_true") parser_group_zone_or_policy.add_argument("--query-masquerade", action="store_true") parser_group_zone_or_policy.add_argument("--add-icmp-block", metavar="<icmptype>", action='append') parser_group_zone_or_policy.add_argument("--remove-icmp-block", metavar="<icmptype>", action='append') parser_group_zone_or_policy.add_argument("--query-icmp-block", metavar="<icmptype>", action='append') parser_group_zone_or_policy.add_argument("--add-icmp-block-inversion", action="store_true") parser_group_zone_or_policy.add_argument("--remove-icmp-block-inversion", action="store_true") parser_group_zone_or_policy.add_argument("--query-icmp-block-inversion", action="store_true") parser_group_zone_or_policy.add_argument("--add-forward-port", metavar="<port>", action='append') parser_group_zone_or_policy.add_argument("--remove-forward-port", metavar="<port>", action='append') parser_group_zone_or_policy.add_argument("--query-forward-port", metavar="<port>", action='append') parser_group_zone_or_policy.add_argument("--list-rich-rules", action="store_true") parser_group_zone_or_policy.add_argument("--list-services", action="store_true") parser_group_zone_or_policy.add_argument("--list-ports", action="store_true") parser_group_zone_or_policy.add_argument("--list-protocols", action="store_true") parser_group_zone_or_policy.add_argument("--list-icmp-blocks", action="store_true") parser_group_zone_or_policy.add_argument("--list-forward-ports", action="store_true") parser_group_zone_or_policy.add_argument("--list-source-ports", action="store_true") parser_group_zone_or_policy.add_argument("--list-all", action="store_true") parser_group_zone_or_policy.add_argument("--get-target", action="store_true") parser_group_zone_or_policy.add_argument("--set-target", metavar="<target>") parser_group_zone_or_policy.add_argument("--get-priority", action="store_true") parser_group_zone_or_policy.add_argument("--set-priority", metavar="<priority>") parser.add_argument("--option", metavar="<key>[=<value>]", action='append') parser.add_argument("--type", metavar="<ipsettype>") parser.add_argument("--ipset", metavar="<ipset>") parser_ipset = parser.add_mutually_exclusive_group() #parser_ipset.add_argument("--add-option", metavar="<key>[=<value>]") #parser_ipset.add_argument("--remove-option", metavar="<key>[=<value>]") #parser_ipset.add_argument("--query-option", metavar="<key>[=<value>]") #parser_ipset.add_argument("--get-options", action="store_true") parser_ipset.add_argument("--get-ipsets", action="store_true") parser_ipset.add_argument("--add-entry", metavar="<entry>", action='append') parser_ipset.add_argument("--remove-entry", metavar="<entry>", action='append') parser_ipset.add_argument("--query-entry", metavar="<entry>", action='append') parser_ipset.add_argument("--get-entries", action="store_true") parser_ipset.add_argument("--add-entries-from-file", metavar="<filename>", action='append') parser_ipset.add_argument("--remove-entries-from-file", metavar="<filename>", action='append') parser.add_argument("--icmptype", metavar="<icmptype>") parser_icmptype = parser.add_mutually_exclusive_group() parser_icmptype.add_argument("--add-destination", metavar="<ipv>", action='append') parser_icmptype.add_argument("--remove-destination", metavar="<ipv>", action='append') parser_icmptype.add_argument("--query-destination", metavar="<ipv>", action='append') parser_icmptype.add_argument("--get-destinations", action="store_true") parser.add_argument("--service", metavar="<service>") parser_service = parser.add_mutually_exclusive_group() parser_service.add_argument("--get-ports", action="store_true") parser_service.add_argument("--get-source-ports", action="store_true") parser_service.add_argument("--get-protocols", action="store_true") parser_service.add_argument("--add-module", metavar="<module>", action='append') parser_service.add_argument("--remove-module", metavar="<module>", action='append') parser_service.add_argument("--query-module", metavar="<module>", action='append') parser_service.add_argument("--get-modules", action="store_true") parser_service.add_argument("--add-helper", metavar="<helper>", action='append') parser_service.add_argument("--remove-helper", metavar="<helper>", action='append') parser_service.add_argument("--query-helper", metavar="<helper>", action='append') parser_service.add_argument("--get-service-helpers", action="store_true") parser_service.add_argument("--add-include", metavar="<service>", action='append') parser_service.add_argument("--remove-include", metavar="<service>", action='append') parser_service.add_argument("--query-include", metavar="<service>", action='append') parser_service.add_argument("--get-includes", action="store_true") parser_service.add_argument("--set-destination", metavar="<destination>", action='append') parser_service.add_argument("--get-destination", action="store_true") parser_service.add_argument("--set-description", metavar="<description>") parser_service.add_argument("--get-description", action="store_true") parser_service.add_argument("--set-short", metavar="<description>") parser_service.add_argument("--get-short", action="store_true") parser.add_argument("--helper", metavar="<helper>") parser.add_argument("--family", metavar="<family>") parser.add_argument("--module", metavar="<module>") parser_helper = parser.add_mutually_exclusive_group() #parser_helper.add_argument("--get-ports", action="store_true") parser_helper.add_argument("--get-helpers", action="store_true") parser_helper.add_argument("--set-module", metavar="<module>") parser_helper.add_argument("--get-module", action="store_true") #parser_helper.add_argument("--query-module", metavar="<module>") parser_helper.add_argument("--set-family", metavar="<family>|''", nargs="*") parser_helper.add_argument("--get-family", action="store_true") parser.add_argument("--direct", action="store_true") # not possible to have sequences of options here parser_direct = parser.add_mutually_exclusive_group() parser_direct.add_argument("--passthrough", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "<args>")) parser_direct.add_argument("--add-passthrough", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "<args>")) parser_direct.add_argument("--remove-passthrough", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "<args>")) parser_direct.add_argument("--query-passthrough", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "<args>")) parser_direct.add_argument("--get-passthroughs", nargs=1, metavar=("{ ipv4 | ipv6 | eb }")) parser_direct.add_argument("--get-all-passthroughs", action="store_true") parser_direct.add_argument("--add-chain", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "<table>", "<chain>")) parser_direct.add_argument("--remove-chain", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "<table>", "<chain>")) parser_direct.add_argument("--query-chain", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "<table>", "<chain>")) parser_direct.add_argument("--get-all-chains", action="store_true") parser_direct.add_argument("--get-chains", nargs=2, metavar=("{ ipv4 | ipv6 | eb }", "<table>")) parser_direct.add_argument("--add-rule", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "<table> <chain> <priority> <args>")) parser_direct.add_argument("--remove-rule", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "<table> <chain> <priority> <args>")) parser_direct.add_argument("--remove-rules", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "<table> <chain>")) parser_direct.add_argument("--query-rule", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "<table> <chain> <priority> <args>")) parser_direct.add_argument("--get-rules", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "<table>", "<chain>")) parser_direct.add_argument("--get-all-rules", action="store_true") ############################################################################## args = sys.argv[1:] if len(sys.argv) > 1: i = -1 if '--passthrough' in args: i = args.index('--passthrough') + 1 elif '--add-passthrough' in args: i = args.index('--add-passthrough') + 1 elif '--remove-passthrough' in args: i = args.index('--remove-passthrough') + 1 elif '--query-passthrough' in args: i = args.index('--query-passthrough') + 1 elif '--add-rule' in args: i = args.index('--add-rule') + 4 elif '--remove-rule' in args: i = args.index('--remove-rule') + 4 elif '--query-rule' in args: i = args.index('--query-rule') + 4 # join <args> into one argument to prevent parser from parsing each iptables # option, because they can conflict with firewall-cmd options # # e.g. --delete (iptables) and --delete-* (firewall-cmd) if (i > -1) and (i < len(args) - 1): aux_args = args[:] args = aux_args[:i+1] # all but not <args> args.append(joinArgs(aux_args[i+1:])) # add <args> as one arg a = parser.parse_args(args) options_standalone = a.help or a.version or \ a.state or a.reload or a.complete_reload or a.runtime_to_permanent or \ a.panic_on or a.panic_off or a.query_panic or \ a.lockdown_on or a.lockdown_off or a.query_lockdown or \ a.get_default_zone or a.set_default_zone or \ a.get_active_zones or a.get_ipset_types or \ a.get_log_denied or a.set_log_denied or \ a.get_automatic_helpers or a.set_automatic_helpers or a.check_config or \ a.get_active_policies options_desc_xml_file = a.set_description or a.get_description or \ a.set_short or a.get_short options_lockdown_whitelist = \ a.list_lockdown_whitelist_commands or a.add_lockdown_whitelist_command or \ a.remove_lockdown_whitelist_command or \ a.query_lockdown_whitelist_command or \ a.list_lockdown_whitelist_contexts or a.add_lockdown_whitelist_context or \ a.remove_lockdown_whitelist_context or \ a.query_lockdown_whitelist_context or \ a.list_lockdown_whitelist_uids or a.add_lockdown_whitelist_uid is not None or \ a.remove_lockdown_whitelist_uid is not None or \ a.query_lockdown_whitelist_uid is not None or \ a.list_lockdown_whitelist_users or a.add_lockdown_whitelist_user or \ a.remove_lockdown_whitelist_user or \ a.query_lockdown_whitelist_user options_config = a.get_zones or a.get_services or a.get_icmptypes or \ options_lockdown_whitelist or a.list_all_zones or \ a.get_zone_of_interface or a.get_zone_of_source or \ a.info_zone or a.info_icmptype or a.info_service or \ a.info_ipset or a.info_policy or a.get_ipsets or a.info_helper or \ a.get_helpers or a.get_policies or a.list_all_policies options_zone_and_policy_adapt_query = \ a.add_service or a.remove_service or a.query_service or \ a.add_port or a.remove_port or a.query_port or \ a.add_protocol or a.remove_protocol or a.query_protocol or \ a.add_source_port or a.remove_source_port or a.query_source_port or \ a.add_icmp_block or a.remove_icmp_block or a.query_icmp_block or \ a.add_forward_port or a.remove_forward_port or a.query_forward_port or \ a.add_rich_rule or a.remove_rich_rule or a.query_rich_rule or \ a.add_masquerade or a.remove_masquerade or a.query_masquerade or \ a.list_services or a.list_ports or a.list_protocols or \ a.list_source_ports or \ a.list_icmp_blocks or a.list_forward_ports or a.list_rich_rules or \ a.list_all or a.get_target or a.set_target options_zone_unique = \ a.add_icmp_block_inversion or a.remove_icmp_block_inversion or \ a.query_icmp_block_inversion or \ a.add_forward or a.remove_forward or a.query_forward or \ a.list_interfaces or a.change_interface or \ a.add_interface or a.remove_interface or a.query_interface or \ a.list_sources or a.change_source or \ a.add_source or a.remove_source or a.query_source options_zone_ops = options_zone_unique or options_zone_and_policy_adapt_query options_policy_unique = \ a.list_ingress_zones or a.add_ingress_zone or \ a.remove_ingress_zone or a.query_ingress_zone or \ a.list_egress_zones or a.add_egress_zone or \ a.remove_egress_zone or a.query_egress_zone or \ a.set_priority or a.get_priority options_policy_ops = options_policy_unique or options_zone_and_policy_adapt_query options_zone = a.zone or a.timeout != "0" or options_zone_ops or \ options_desc_xml_file options_policy = a.policy or a.timeout != "0" or options_policy_ops or \ options_desc_xml_file options_ipset = a.add_entry or a.remove_entry or a.query_entry or \ a.get_entries or a.add_entries_from_file or \ a.remove_entries_from_file or options_desc_xml_file options_icmptype = a.add_destination or a.remove_destination or \ a.query_destination or a.get_destinations or \ options_desc_xml_file options_service = a.add_port or a.remove_port or a.query_port or \ a.get_ports or \ a.add_protocol or a.remove_protocol or a.query_protocol or \ a.get_protocols or \ a.add_source_port or a.remove_source_port or \ a.query_source_port or a.get_source_ports or \ a.add_module or a.remove_module or a.query_module or \ a.get_modules or \ a.set_destination or a.remove_destination or \ a.query_destination or a.get_destinations or \ options_desc_xml_file or \ a.add_include or a.remove_include or a.query_include or \ a.get_includes or \ a.add_helper or a.remove_helper or a.query_helper or \ a.get_service_helpers options_helper = a.add_port or a.remove_port or a.query_port or \ a.get_ports or a.set_module or a.get_module or \ a.set_family or a.get_family or \ options_desc_xml_file options_permanent = a.permanent or options_config or \ a.zone or options_zone_ops or \ a.policy or options_policy_ops or \ a.ipset or options_ipset or \ a.helper or options_helper options_permanent_only = a.new_icmptype or a.delete_icmptype or \ a.new_icmptype_from_file or \ a.load_icmptype_defaults or \ a.new_service or a.delete_service or \ a.new_service_from_file or \ a.load_service_defaults or \ a.new_zone or a.delete_zone or \ a.new_zone_from_file or \ a.load_zone_defaults or \ a.new_policy or a.delete_policy or \ a.new_policy_from_file or \ a.load_policy_defaults or \ a.new_ipset or a.delete_ipset or \ a.new_ipset_from_file or \ a.load_ipset_defaults or \ a.new_helper or a.delete_helper or \ a.new_helper_from_file or \ a.load_helper_defaults or \ (a.icmptype and options_icmptype) or \ (a.service and options_service) or \ (a.helper and options_helper) or \ a.path_zone or a.path_icmptype or a.path_service or \ a.path_ipset or a.path_helper or options_desc_xml_file or \ a.path_policy options_direct = a.passthrough or \ a.add_chain or a.remove_chain or a.query_chain or \ a.get_chains or a.get_all_chains or \ a.add_rule or a.remove_rule or a.remove_rules or a.query_rule or \ a.get_rules or a.get_all_rules or \ a.add_passthrough or a.remove_passthrough or a.query_passthrough or \ a.get_passthroughs or a.get_all_passthroughs options_require_permanent = options_permanent_only or \ a.get_target or a.set_target # these are supposed to only write out some output options_list_get = a.help or a.version or a.list_all or a.list_all_zones or \ a.list_lockdown_whitelist_commands or a.list_lockdown_whitelist_contexts or \ a.list_lockdown_whitelist_uids or a.list_lockdown_whitelist_users or \ a.list_services or a.list_ports or a.list_protocols or a.list_icmp_blocks or \ a.list_forward_ports or a.list_rich_rules or a.list_interfaces or \ a.list_sources or a.get_default_zone or a.get_active_zones or \ a.get_zone_of_interface or a.get_zone_of_source or a.get_zones or \ a.get_services or a.get_icmptypes or a.get_target or \ a.info_zone or a.info_icmptype or a.info_service or \ a.info_ipset or a.get_ipsets or a.get_entries or \ a.info_helper or a.get_helpers or \ a.get_destinations or a.get_description or \ a.list_all_policies or a.info_policy or a.get_policies or \ a.get_active_policies # Set quiet and verbose cmd = FirewallCommand(a.quiet, a.verbose) def myexcepthook(exctype, value, traceback): cmd.exception_handler(str(value)) sys.excepthook = myexcepthook # Check various impossible combinations of options if not (options_standalone or options_ipset or \ options_icmptype or options_service or options_helper or \ options_config or options_zone_ops or options_policy or \ options_direct or options_permanent_only): cmd.fail(parser.format_usage() + "No option specified.") if options_standalone and (options_zone or options_permanent or \ options_direct or options_permanent_only or \ options_ipset or options_policy): cmd.fail(parser.format_usage() + "Can't use stand-alone options with other options.") if options_ipset and not options_desc_xml_file and not a.ipset: cmd.fail(parser.format_usage() + "No ipset specified.") if (options_icmptype and not a.icmptype) and \ not (options_service and a.service) and not options_desc_xml_file: cmd.fail(parser.format_usage() + "No icmptype specified.") if (options_helper and not a.helper) and \ not (options_service and a.service) and \ not options_zone and not options_desc_xml_file and not options_policy: cmd.fail(parser.format_usage() + "No helper specified.") if (options_direct or options_permanent_only) and \ (options_zone and not a.zone) and (options_service and not a.service) and \ (options_icmptype and a.icmptype) and not options_desc_xml_file: cmd.fail(parser.format_usage() + "Can't be used with --zone.") if (a.direct and not options_direct) or (options_direct and not a.direct): cmd.fail(parser.format_usage() + "Wrong usage of 'direct' options.") if a.zone and a.direct: cmd.fail(parser.format_usage() + "--zone is an invalid option with --direct") if a.name and not (a.new_zone_from_file or a.new_service_from_file or \ a.new_ipset_from_file or a.new_icmptype_from_file or \ a.new_helper_from_file or a.new_policy_from_file): cmd.fail(parser.format_usage() + "Wrong usage of '--name' option.") if options_require_permanent and not a.permanent: cmd.fail(parser.format_usage() + "Option can be used only with --permanent.") if options_config and (options_zone or options_policy): cmd.fail(parser.format_usage() + "Wrong usage of --get-zones | --get-services | --get-icmptypes | --get-policies.") if a.timeout != "0": value = 0 unit = 's' if len(a.timeout) < 1: cmd.fail(parser.format_usage() + "'%s' is wrong timeout value. Use for example '2m' or '1h'" % a.timeout) elif len(a.timeout) == 1: if a.timeout.isdigit(): value = int (a.timeout[0]) else: cmd.fail(parser.format_usage() + "'%s' is wrong timeout value. Use for example '2m' or '1h'" % a.timeout) elif len(a.timeout) > 1: if a.timeout.isdigit(): value = int(a.timeout) unit = 's' else: if a.timeout[:-1].isdigit(): value = int (a.timeout[:-1]) else: cmd.fail(parser.format_usage() + "'%s' is wrong timeout value. Use for example '2m' or '1h'" % a.timeout) unit = a.timeout[-1:].lower() if unit == 's': a.timeout = value elif unit == 'm': a.timeout = value * 60 elif unit == 'h': a.timeout = value * 60 * 60 else: cmd.fail(parser.format_usage() + "'%s' is wrong timeout value. Use for example '2m' or '1h'" % a.timeout) else: a.timeout = 0 if a.timeout and not (a.add_service or a.add_port or a.add_protocol or \ a.add_icmp_block or a.add_forward_port or \ a.add_source_port or a.add_forward or \ a.add_masquerade or a.add_rich_rule): cmd.fail(parser.format_usage() + "Wrong --timeout usage") if a.permanent: if a.timeout: cmd.fail(parser.format_usage() + "Can't specify timeout for permanent action.") if options_config and not a.zone: pass elif options_permanent: pass else: cmd.fail(parser.format_usage() + "Wrong --permanent usage.") if a.quiet and options_list_get: # it makes no sense to use --quiet with these options a.quiet = False cmd.set_quiet(a.quiet) cmd.fail("-q/--quiet can't be used with this option(s)") if a.zone and a.policy: cmd.fail(parser.format_usage() + "Can't use --zone with --policy.") if a.policy and options_zone_unique: cmd.fail(parser.format_usage() + "Can't use --policy with zone only options.") if a.zone and options_policy_unique: cmd.fail(parser.format_usage() + "Can't use --zone with policy only options.") if not a.policy and options_policy_unique: cmd.fail(parser.format_usage() + "Must use --policy with policy only options.") if a.help: __usage() sys.exit(0) zone = a.zone try: fw = FirewallClient() except FirewallError as msg: code = FirewallError.get_code(str(msg)) cmd.print_and_exit("Error: %s" % msg, code) fw.setExceptionHandler(cmd.exception_handler) if not fw.connected: if a.state: cmd.print_and_exit ("not running", errors.NOT_RUNNING) else: cmd.print_and_exit ("FirewallD is not running", errors.NOT_RUNNING) cmd.set_fw(fw) if options_zone_ops and not zone and not a.policy and not \ (a.service and options_service) and not \ (a.helper and options_helper): default = fw.getDefaultZone() cmd.print_if_verbose("No zone specified, using default zone, i.e. '%s'" % default) active = list(fw.getActiveZones().keys()) if active and default not in active: cmd.print_msg("""You're performing an operation over default zone ('%s'), but your connections/interfaces are in zone '%s' (see --get-active-zones) You most likely need to use --zone=%s option.\n""" % (default, ",".join(active), active[0])) if a.permanent: if a.get_ipsets: cmd.print_and_exit(" ".join(fw.config().getIPSetNames())) elif a.new_ipset: if not a.type: cmd.fail(parser.format_usage() + "No type specified.") if a.type=='hash:mac' and a.family: cmd.fail(parser.format_usage()+ "--family is not compatible with the hash:mac type") settings = FirewallClientIPSetSettings() settings.setType(a.type) if a.option: for opt in a.option: settings.addOption(*cmd.parse_ipset_option(opt)) if a.family: settings.addOption("family", a.family) config = fw.config() config.addIPSet(a.new_ipset, settings) elif a.new_ipset_from_file: filename = os.path.basename(a.new_ipset_from_file) dirname = os.path.dirname(a.new_ipset_from_file) if dirname == "": dirname = "./" try: obj = ipset_reader(filename, dirname) except FirewallError as msg: cmd.fail("Failed to load ipset file '%s': %s" % \ (a.new_ipset_from_file, msg)) except IOError as msg: cmd.fail("Failed to load ipset file: %s" % msg) if a.name: obj.name = a.name config = fw.config() config.addIPSet(obj.name, obj.export_config()) elif a.delete_ipset: ipset = fw.config().getIPSetByName(a.delete_ipset) ipset.remove() elif a.load_ipset_defaults: ipset = fw.config().getIPSetByName(a.load_ipset_defaults) ipset.loadDefaults() elif a.info_ipset: ipset = fw.config().getIPSetByName(a.info_ipset) cmd.print_ipset_info(a.info_ipset, ipset.getSettings()) sys.exit(0) elif a.path_ipset: ipset = fw.config().getIPSetByName(a.path_ipset) cmd.print_and_exit("%s/%s" % (ipset.get_property("path"), ipset.get_property("filename"))) elif a.ipset: ipset = fw.config().getIPSetByName(a.ipset) settings = ipset.getSettings() if a.add_entry: cmd.add_sequence(a.add_entry, settings.addEntry, settings.queryEntry, None, "'%s'") ipset.update(settings) elif a.remove_entry: cmd.remove_sequence(a.remove_entry, settings.removeEntry, settings.queryEntry, None, "'%s'") ipset.update(settings) elif a.query_entry: cmd.query_sequence(a.query_entry, settings.queryEntry, None, "'%s'") elif a.get_entries: l = settings.getEntries() cmd.print_and_exit("\n".join(l)) elif a.add_entries_from_file: changed = False for filename in a.add_entries_from_file: try: entries = cmd.get_ipset_entries_from_file(filename) except IOError as msg: message = "Failed to read file '%s': %s" % (filename, msg) if len(a.add_entries_from_file) > 1: cmd.print_warning(message) else: cmd.print_and_exit(message) else: old_entries = settings.getEntries() entries_set = set() for entry in old_entries: entries_set.add(entry) for entry in entries: if entry not in entries_set: old_entries.append(entry) entries_set.add(entry) changed = True else: cmd.print_if_verbose( "Warning: ALREADY_ENABLED: %s" % entry) if changed: settings.setEntries(old_entries) if changed: ipset.update(settings) elif a.remove_entries_from_file: changed = False for filename in a.remove_entries_from_file: try: entries = cmd.get_ipset_entries_from_file(filename) except IOError as msg: message = "Failed to read file '%s': %s" % (filename, msg) if len(a.remove_entries_from_file) > 1: cmd.print_warning(message) else: cmd.print_and_exit(message) else: old_entries = settings.getEntries() entries_set = set() for entry in old_entries: entries_set.add(entry) for entry in entries: if entry in entries_set: old_entries.remove(entry) entries_set.discard(entry) changed = True else: cmd.print_if_verbose("Warning: NOT_ENABLED: %s" % entry) if changed: settings.setEntries(old_entries) if changed: ipset.update(settings) elif a.set_description: settings.setDescription(a.set_description) ipset.update(settings) elif a.get_description: cmd.print_and_exit(settings.getDescription()) elif a.set_short: settings.setShort(a.set_short) ipset.update(settings) elif a.get_short: cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") elif a.get_zones: cmd.print_and_exit(" ".join(fw.config().getZoneNames())) elif a.new_zone: config = fw.config() config.addZone(a.new_zone, FirewallClientZoneSettings()) elif a.new_zone_from_file: filename = os.path.basename(a.new_zone_from_file) dirname = os.path.dirname(a.new_zone_from_file) if dirname == "": dirname = "./" try: obj = zone_reader(filename, dirname) except FirewallError as msg: cmd.fail("Failed to load zone file '%s': %s" % \ (a.new_zone_from_file, msg)) except IOError as msg: cmd.fail("Failed to load zone file: %s" % msg) if a.name: obj.name = a.name config = fw.config() config.addZone(obj.name, obj.export_config()) elif a.delete_zone: zone = fw.config().getZoneByName(a.delete_zone) zone.remove() elif a.load_zone_defaults: zone = fw.config().getZoneByName(a.load_zone_defaults) zone.loadDefaults() elif a.info_zone: zone = fw.config().getZoneByName(a.info_zone) cmd.print_zone_info(a.info_zone, zone.getSettings(), True) sys.exit(0) elif a.path_zone: zone = fw.config().getZoneByName(a.path_zone) cmd.print_and_exit("%s/%s" % (zone.get_property("path"), zone.get_property("filename"))) elif a.get_policies: cmd.print_and_exit(" ".join(fw.config().getPolicyNames())) elif a.new_policy: config = fw.config() config.addPolicy(a.new_policy, FirewallClientPolicySettings()) elif a.new_policy_from_file: filename = os.path.basename(a.new_policy_from_file) dirname = os.path.dirname(a.new_policy_from_file) if dirname == "": dirname = "./" try: obj = policy_reader(filename, dirname) except FirewallError as msg: cmd.fail("Failed to load policy file '%s': %s" % \ (a.new_policy_from_file, msg)) except IOError as msg: cmd.fail("Failed to load policy file: %s" % msg) if a.name: obj.name = a.name config = fw.config() config.addPolicy(obj.name, obj.export_config_dict()) elif a.delete_policy: policy = fw.config().getPolicyByName(a.delete_policy) policy.remove() elif a.load_policy_defaults: policy = fw.config().getPolicyByName(a.load_policy_defaults) policy.loadDefaults() elif a.info_policy: policy = fw.config().getPolicyByName(a.info_policy) cmd.print_policy_info(a.info_policy, policy.getSettings()) sys.exit(0) elif a.path_policy: policy = fw.config().getPolicyByName(a.path_policy) cmd.print_and_exit("%s/%s" % (policy.get_property("path"), policy.get_property("filename"))) elif a.get_services: cmd.print_and_exit(" ".join(fw.config().getServiceNames())) elif a.new_service: config = fw.config() config.addService(a.new_service, FirewallClientServiceSettings()) elif a.new_service_from_file: filename = os.path.basename(a.new_service_from_file) dirname = os.path.dirname(a.new_service_from_file) if dirname == "": dirname = "./" try: obj = service_reader(filename, dirname) except FirewallError as msg: cmd.fail("Failed to load service file '%s': %s" % \ (a.new_service_from_file, msg)) except IOError as msg: cmd.fail("Failed to load service file: %s" % msg) if a.name: obj.name = a.name config = fw.config() config.addService(obj.name, obj.export_config()) elif a.delete_service: service = fw.config().getServiceByName(a.delete_service) service.remove() elif a.load_service_defaults: service = fw.config().getServiceByName(a.load_service_defaults) service.loadDefaults() elif a.info_service: service = fw.config().getServiceByName(a.info_service) cmd.print_service_info(a.info_service, service.getSettings()) sys.exit(0) elif a.path_service: service = fw.config().getServiceByName(a.path_service) cmd.print_and_exit("%s/%s" % (service.get_property("path"), service.get_property("filename"))) elif a.get_helpers: cmd.print_and_exit(" ".join(fw.config().getHelperNames())) elif a.new_helper: if not a.module: cmd.fail(parser.format_usage() + "No module specified.") settings = FirewallClientHelperSettings() settings.setModule(a.module) if a.family: settings.setFamily(a.family) config = fw.config() config.addHelper(a.new_helper, settings) elif a.new_helper_from_file: filename = os.path.basename(a.new_helper_from_file) dirname = os.path.dirname(a.new_helper_from_file) if dirname == "": dirname = "./" try: obj = helper_reader(filename, dirname) except FirewallError as msg: cmd.fail("Failed to load helper file '%s': %s" % \ (a.new_helper_from_file, msg)) except IOError as msg: cmd.fail("Failed to load helper file: %s" % msg) if a.name: obj.name = a.name config = fw.config() config.addHelper(obj.name, obj.export_config()) elif a.delete_helper: helper = fw.config().getHelperByName(a.delete_helper) helper.remove() elif a.load_helper_defaults: helper = fw.config().getHelperByName(a.load_helper_defaults) helper.loadDefaults() elif a.info_helper: helper = fw.config().getHelperByName(a.info_helper) cmd.print_helper_info(a.info_helper, helper.getSettings()) sys.exit(0) elif a.path_helper: helper = fw.config().getHelperByName(a.path_helper) cmd.print_and_exit("%s/%s" % (helper.get_property("path"), helper.get_property("filename"))) elif a.helper: helper = fw.config().getHelperByName(a.helper) settings = helper.getSettings() if a.add_port: cmd.add_sequence(a.add_port, settings.addPort, settings.queryPort, cmd.parse_port, "%s/%s") helper.update(settings) elif a.remove_port: cmd.remove_sequence(a.remove_port, settings.removePort, settings.queryPort, cmd.parse_port, "%s/%s") helper.update(settings) elif a.query_port: cmd.query_sequence(a.query_port, settings.queryPort, cmd.parse_port, "%s/%s") elif a.get_ports: l = helper.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.get_module: cmd.print_and_exit(settings.getModule()) elif a.set_module: settings.setModule(cmd.check_module(a.set_module)) helper.update(settings) elif a.get_family: cmd.print_and_exit(settings.getFamily()) elif a.set_family: settings.setFamily(cmd.check_helper_family(a.set_family[0])) helper.update(settings) elif a.set_description: settings.setDescription(a.set_description) helper.update(settings) elif a.get_description: cmd.print_and_exit(settings.getDescription()) elif a.set_short: settings.setShort(a.set_short) helper.update(settings) elif a.get_short: cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") elif a.get_icmptypes: cmd.print_and_exit(" ".join(fw.config().getIcmpTypeNames())) elif a.new_icmptype: config = fw.config() config.addIcmpType(a.new_icmptype, FirewallClientIcmpTypeSettings()) elif a.new_icmptype_from_file: filename = os.path.basename(a.new_icmptype_from_file) dirname = os.path.dirname(a.new_icmptype_from_file) if dirname == "": dirname = "./" try: obj = icmptype_reader(filename, dirname) except FirewallError as msg: cmd.fail("Failed to load icmptype file '%s': %s" % \ (a.new_icmptype_from_file, msg)) except IOError as msg: cmd.fail("Failed to load icmptype file: %s" % msg) if a.name: obj.name = a.name config = fw.config() config.addIcmpType(obj.name, obj.export_config()) elif a.delete_icmptype: icmptype = fw.config().getIcmpTypeByName(a.delete_icmptype) icmptype.remove() elif a.load_icmptype_defaults: icmptype = fw.config().getIcmpTypeByName(a.load_icmptype_defaults) icmptype.loadDefaults() elif a.info_icmptype: icmptype = fw.config().getIcmpTypeByName(a.info_icmptype) cmd.print_icmptype_info(a.info_icmptype, icmptype.getSettings()) sys.exit(0) elif a.path_icmptype: icmptype = fw.config().getIcmpTypeByName(a.path_icmptype) cmd.print_and_exit("%s/%s" % (icmptype.get_property("path"), icmptype.get_property("filename"))) elif a.icmptype: icmptype = fw.config().getIcmpTypeByName(a.icmptype) settings = icmptype.getSettings() if a.add_destination: cmd.add_sequence(a.add_destination, settings.addDestination, settings.queryDestination, cmd.check_destination_ipv, "'%s'") icmptype.update(settings) elif a.remove_destination: cmd.remove_sequence(a.remove_destination, settings.removeDestination, settings.queryDestination, cmd.check_destination_ipv, "'%s'") icmptype.update(settings) elif a.query_destination: cmd.query_sequence(a.query_destination, settings.queryDestination, cmd.check_destination_ipv , "'%s'") elif a.get_destinations: l = settings.getDestinations() if len(l) == 0: l = [ "ipv4", "ipv6" ] cmd.print_and_exit("\n".join(l)) elif a.set_description: settings.setDescription(a.set_description) icmptype.update(settings) elif a.get_description: cmd.print_and_exit(settings.getDescription()) elif a.set_short: settings.setShort(a.set_short) icmptype.update(settings) elif a.get_short: cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") elif a.service: service = fw.config().getServiceByName(a.service) settings = service.getSettings() if a.add_port: cmd.add_sequence(a.add_port, settings.addPort, settings.queryPort, cmd.parse_port, "%s/%s") service.update(settings) elif a.remove_port: cmd.remove_sequence(a.remove_port, settings.removePort, settings.queryPort, cmd.parse_port, "%s/%s") service.update(settings) elif a.query_port: cmd.query_sequence(a.query_port, settings.queryPort, cmd.parse_port, "%s/%s") elif a.get_ports: l = settings.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.add_protocol: cmd.add_sequence(a.add_protocol, settings.addProtocol, settings.queryProtocol, None, "'%s'") service.update(settings) elif a.remove_protocol: cmd.remove_sequence(a.remove_protocol, settings.removeProtocol, settings.queryProtocol, None, "'%s'") service.update(settings) elif a.query_protocol: cmd.query_sequence(a.query_protocol, settings.queryProtocol, None, "'%s'") elif a.get_protocols: l = settings.getProtocols() cmd.print_and_exit(" ".join(["%s" % protocol for protocol in l])) elif a.add_source_port: cmd.add_sequence(a.add_source_port, settings.addSourcePort, settings.querySourcePort, cmd.parse_port, "%s/%s") service.update(settings) elif a.remove_source_port: cmd.remove_sequence(a.remove_source_port, settings.removeSourcePort, settings.querySourcePort, cmd.parse_port, "%s/%s") service.update(settings) elif a.query_source_port: cmd.query_sequence(a.query_source_port, settings.querySourcePort, cmd.parse_port, "%s/%s") elif a.get_source_ports: l = settings.getSourcePorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.add_module: cmd.add_sequence(a.add_module, settings.addModule, settings.queryModule, None, "'%s'") service.update(settings) elif a.remove_module: cmd.remove_sequence(a.remove_module, settings.removeModule, settings.queryModule, None, "'%s'") service.update(settings) elif a.query_module: cmd.query_sequence(a.query_module, settings.queryModule, None, "'%s'") elif a.get_modules: l = settings.getModules() cmd.print_and_exit(" ".join(["%s" % module for module in l])) elif a.set_destination: cmd.add_sequence(a.set_destination, settings.setDestination, settings.queryDestination, cmd.parse_service_destination, "%s:%s") service.update(settings) elif a.remove_destination: # special case for removeDestination: Only ipv, no address for ipv in a.remove_destination: cmd.check_destination_ipv(ipv) if ipv not in settings.getDestinations(): if len(a.remove_destination) > 1: cmd.print_warning("Warning: NOT_ENABLED: '%s'" % ipv) else: code = FirewallError.get_code("NOT_ENABLED") cmd.print_and_exit("Error: NOT_ENABLED: '%s'" % ipv, code) else: settings.removeDestination(ipv) service.update(settings) elif a.query_destination: cmd.query_sequence(a.query_destination, settings.queryDestination, cmd.parse_service_destination, "'%s'") elif a.get_destinations: l = settings.getDestinations() cmd.print_and_exit(" ".join(["%s:%s" % (dest[0], dest[1]) for dest in l.items()])) elif a.add_include: cmd.add_sequence(a.add_include, settings.addInclude, settings.queryInclude, None, "'%s'") service.update(settings) elif a.remove_include: cmd.remove_sequence(a.remove_include, settings.removeInclude, settings.queryInclude, None, "'%s'") service.update(settings) elif a.query_include: cmd.query_sequence(a.query_include, settings.queryInclude, None, "'%s'") elif a.get_includes: l = settings.getIncludes() cmd.print_and_exit(" ".join(["%s" % include for include in sorted(l)])) elif a.add_helper: cmd.add_sequence(a.add_helper, settings.addHelper, settings.queryHelper, None, "'%s'") service.update(settings) elif a.remove_helper: cmd.remove_sequence(a.remove_helper, settings.removeHelper, settings.queryHelper, None, "'%s'") service.update(settings) elif a.query_helper: cmd.query_sequence(a.query_helper, settings.queryHelper, None, "'%s'") elif a.get_service_helpers: l = settings.getHelpers() cmd.print_and_exit(" ".join(["%s" % helper for helper in sorted(l)])) elif a.set_description: settings.setDescription(a.set_description) service.update(settings) elif a.get_description: cmd.print_and_exit(settings.getDescription()) elif a.set_short: settings.setShort(a.set_short) service.update(settings) elif a.get_short: cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") # lockdown whitelist elif options_lockdown_whitelist: policies = fw.config().policies() # commands if a.list_lockdown_whitelist_commands: l = policies.getLockdownWhitelistCommands() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_command: cmd.add_sequence(a.add_lockdown_whitelist_command, policies.addLockdownWhitelistCommand, policies.queryLockdownWhitelistCommand, None, "'%s'") elif a.remove_lockdown_whitelist_command: cmd.remove_sequence(a.remove_lockdown_whitelist_command, policies.removeLockdownWhitelistCommand, policies.queryLockdownWhitelistCommand, None, "'%s'") elif a.query_lockdown_whitelist_command: cmd.query_sequence(a.query_lockdown_whitelist_command, policies.queryLockdownWhitelistCommand, None, "'%s'") # contexts elif a.list_lockdown_whitelist_contexts: l = policies.getLockdownWhitelistContexts() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_context: cmd.add_sequence(a.add_lockdown_whitelist_context, policies.addLockdownWhitelistContext, policies.queryLockdownWhitelistContext, None, "'%s'") elif a.remove_lockdown_whitelist_context: cmd.remove_sequence(a.remove_lockdown_whitelist_context, policies.removeLockdownWhitelistContext, policies.queryLockdownWhitelistContext, None, "'%s'") elif a.query_lockdown_whitelist_context: cmd.query_sequence(a.query_lockdown_whitelist_context, policies.queryLockdownWhitelistContext, None, "'%s'") # uids elif a.list_lockdown_whitelist_uids: l = policies.getLockdownWhitelistUids() cmd.print_and_exit(" ".join(map(str, l))) elif a.add_lockdown_whitelist_uid is not None: cmd.add_sequence(a.add_lockdown_whitelist_uid, policies.addLockdownWhitelistUid, policies.queryLockdownWhitelistUid, None, "%s") elif a.remove_lockdown_whitelist_uid is not None: cmd.remove_sequence(a.remove_lockdown_whitelist_uid, policies.removeLockdownWhitelistUid, policies.queryLockdownWhitelistUid, None, "%s") elif a.query_lockdown_whitelist_uid is not None: cmd.query_sequence(a.query_lockdown_whitelist_uid, policies.queryLockdownWhitelistUid, None, "%s") # users elif a.list_lockdown_whitelist_users: l = policies.getLockdownWhitelistUsers() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_user: cmd.add_sequence(a.add_lockdown_whitelist_user, policies.addLockdownWhitelistUser, policies.queryLockdownWhitelistUser, None, "%s") elif a.remove_lockdown_whitelist_user: cmd.remove_sequence(a.remove_lockdown_whitelist_user, policies.removeLockdownWhitelistUser, policies.queryLockdownWhitelistUser, None, "%s") elif a.query_lockdown_whitelist_user: cmd.query_sequence(a.query_lockdown_whitelist_user, policies.queryLockdownWhitelistUser, None, "'%s'") elif options_direct: direct = fw.config().direct() if a.passthrough: if len(a.passthrough) < 2: cmd.fail("usage: --permanent --direct --passthrough { ipv4 | ipv6 | eb } <args>") cmd.print_msg(direct.addPassthrough(cmd.check_ipv(a.passthrough[0]), splitArgs(a.passthrough[1]))) if a.add_passthrough: if len(a.add_passthrough) < 2: cmd.fail("usage: --permanent --direct --add-passthrough { ipv4 | ipv6 | eb } <args>") cmd.print_msg(direct.addPassthrough(cmd.check_ipv(a.add_passthrough[0]), splitArgs(a.add_passthrough[1]))) elif a.remove_passthrough: if len(a.remove_passthrough) < 2: cmd.fail("usage: --permanent --direct --remove-passthrough { ipv4 | ipv6 | eb } <args>") direct.removePassthrough(cmd.check_ipv(a.remove_passthrough[0]), splitArgs(a.remove_passthrough[1])) elif a.query_passthrough: if len(a.query_passthrough) < 2: cmd.fail("usage: --permanent --direct --query-passthrough { ipv4 | ipv6 | eb } <args>") cmd.print_query_result( direct.queryPassthrough(cmd.check_ipv(a.query_passthrough[0]), splitArgs(a.query_passthrough[1]))) sys.exit(0) elif a.get_passthroughs: rules = direct.getPassthroughs(cmd.check_ipv(a.get_passthroughs[0])) for rule in rules: cmd.print_msg(joinArgs(rule)) sys.exit(0) elif a.get_all_passthroughs: for (ipv, rule) in direct.getAllPassthroughs(): cmd.print_msg("%s %s" % (ipv, joinArgs(rule))) sys.exit(0) elif a.add_chain: direct.addChain(cmd.check_ipv(a.add_chain[0]), a.add_chain[1], a.add_chain[2]) elif a.remove_chain: direct.removeChain(cmd.check_ipv(a.remove_chain[0]), a.remove_chain[1], a.remove_chain[2]) elif a.query_chain: cmd.print_query_result( direct.queryChain(cmd.check_ipv(a.query_chain[0]), a.query_chain[1], a.query_chain[2])) sys.exit(0) elif a.get_chains: cmd.print_and_exit( " ".join(direct.getChains(cmd.check_ipv(a.get_chains[0]), a.get_chains[1]))) sys.exit(0) elif a.get_all_chains: chains = direct.getAllChains() for (ipv, table, chain) in chains: cmd.print_msg("%s %s %s" % (ipv, table, chain)) sys.exit(0) elif a.add_rule: if len(a.add_rule) < 5: cmd.fail("usage: --permanent --direct --add-rule { ipv4 | ipv6 | eb } <table> <chain> <priority> <args>") try: priority = int(a.add_rule[3]) except ValueError: cmd.fail("usage: --permanent --direct --add-rule { ipv4 | ipv6 | eb } <table> <chain> <priority> <args>") direct.addRule(cmd.check_ipv(a.add_rule[0]), a.add_rule[1], a.add_rule[2], priority, splitArgs(a.add_rule[4])) elif a.remove_rule: if len(a.remove_rule) < 5: cmd.fail("usage: --permanent --direct --remove-rule { ipv4 | ipv6 | eb } <table> <chain> <priority> <args>") try: priority = int(a.remove_rule[3]) except ValueError: cmd.fail("usage: --permanent --direct --remove-rule { ipv4 | ipv6 | eb } <table> <chain> <priority> <args>") direct.removeRule(cmd.check_ipv(a.remove_rule[0]), a.remove_rule[1], a.remove_rule[2], priority, splitArgs(a.remove_rule[4])) elif a.remove_rules: if len(a.remove_rules) < 3: cmd.fail("usage: --permanent --direct --remove-rules { ipv4 | ipv6 | eb } <table> <chain>") direct.removeRules(cmd.check_ipv(a.remove_rules[0]), a.remove_rules[1], a.remove_rules[2]) elif a.query_rule: if len(a.query_rule) < 5: cmd.fail("usage: --permanent --direct --query-rule { ipv4 | ipv6 | eb } <table> <chain> <priority> <args>") try: priority = int(a.query_rule[3]) except ValueError: cmd.fail("usage: --permanent --direct --query-rule { ipv4 | ipv6 | eb } <table> <chain> <priority> <args>") cmd.print_query_result( direct.queryRule(cmd.check_ipv(a.query_rule[0]), a.query_rule[1], a.query_rule[2], priority, splitArgs(a.query_rule[4]))) sys.exit(0) elif a.get_rules: rules = direct.getRules(cmd.check_ipv(a.get_rules[0]), a.get_rules[1], a.get_rules[2]) for (priority, rule) in rules: cmd.print_msg("%d %s" % (priority, joinArgs(rule))) sys.exit(0) elif a.get_all_rules: rules = direct.getAllRules() for (ipv, table, chain, priority, rule) in rules: cmd.print_msg("%s %s %s %d %s" % (ipv, table, chain, priority, joinArgs(rule))) sys.exit(0) elif a.list_all_policies: names = fw.config().getPolicyNames() for policy in sorted(names): settings = fw.config().getPolicyByName(policy).getSettings() cmd.print_policy_info(policy, settings) cmd.print_msg("") sys.exit(0) elif a.policy: fw_policy = fw.config().getPolicyByName(a.policy) settings = fw_policy.getSettings() # list all policy settings if a.list_all: cmd.print_policy_info(a.policy, settings) sys.exit(0) # ingress zones elif a.list_ingress_zones: l = settings.getIngressZones() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_ingress_zone: cmd.add_sequence(a.add_ingress_zone, settings.addIngressZone, settings.queryIngressZone, None, "'%s'") elif a.remove_ingress_zone: cmd.remove_sequence(a.remove_ingress_zone, settings.removeIngressZone, settings.queryIngressZone, None, "'%s'") elif a.query_ingress_zone: cmd.query_sequence(a.query_ingress_zone, settings.queryIngressZone, None, "'%s'") # egress zones elif a.list_egress_zones: l = settings.getEgressZones() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_egress_zone: cmd.add_sequence(a.add_egress_zone, settings.addEgressZone, settings.queryEgressZone, None, "'%s'") elif a.remove_egress_zone: cmd.remove_sequence(a.remove_egress_zone, settings.removeEgressZone, settings.queryEgressZone, None, "'%s'") elif a.query_egress_zone: cmd.query_sequence(a.query_egress_zone, settings.queryEgressZone, None, "'%s'") # priority elif a.get_priority: cmd.print_and_exit(str(settings.getPriority())) elif a.set_priority: settings.setPriority(a.set_priority) # rich rules elif a.list_rich_rules: l = settings.getRichRules() cmd.print_and_exit("\n".join(l)) elif a.add_rich_rule: cmd.add_sequence(a.add_rich_rule, settings.addRichRule, settings.queryRichRule, None, "'%s'") elif a.remove_rich_rule: cmd.remove_sequence(a.remove_rich_rule, settings.removeRichRule, settings.queryRichRule, None, "'%s'") elif a.query_rich_rule: cmd.query_sequence(a.query_rich_rule, settings.queryRichRule, None, "'%s'") # service elif a.list_services: l = settings.getServices() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_service: cmd.add_sequence(a.add_service, settings.addService, settings.queryService, None, "'%s'") elif a.remove_service: cmd.remove_sequence(a.remove_service, settings.removeService, settings.queryService, None, "'%s'") elif a.query_service: cmd.query_sequence(a.query_service, settings.queryService, None, "'%s'") # port elif a.list_ports: l = settings.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in sorted(l, key=lambda x: (x[1], getPortRange(x[0])[0]))])) elif a.add_port: cmd.add_sequence(a.add_port, settings.addPort, settings.queryPort, cmd.parse_port, "%s/%s") elif a.remove_port: cmd.remove_sequence(a.remove_port, settings.removePort, settings.queryPort, cmd.parse_port, "%s/%s") elif a.query_port: cmd.query_sequence(a.query_port, settings.queryPort, cmd.parse_port, "%s/%s") # protocol elif a.list_protocols: l = settings.getProtocols() cmd.print_and_exit(" ".join(["%s" % protocol for protocol in sorted(l)])) elif a.add_protocol: cmd.add_sequence(a.add_protocol, settings.addProtocol, settings.queryProtocol, None, "'%s'") elif a.remove_protocol: cmd.remove_sequence(a.remove_protocol, settings.removeProtocol, settings.queryProtocol, None, "'%s'") elif a.query_protocol: cmd.query_sequence(a.query_protocol, settings.queryProtocol, None, "'%s'") # source port elif a.list_source_ports: l = settings.getSourcePorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in sorted(l, key=lambda x: (x[1], getPortRange(x[0])[0]))])) elif a.add_source_port: cmd.add_sequence(a.add_source_port, settings.addSourcePort, settings.querySourcePort, cmd.parse_port, "%s/%s") elif a.remove_source_port: cmd.remove_sequence(a.remove_source_port, settings.removeSourcePort, settings.querySourcePort, cmd.parse_port, "%s/%s") elif a.query_source_port: cmd.query_sequence(a.query_source_port, settings.querySourcePort, cmd.parse_port, "%s/%s") # masquerade elif a.add_masquerade: settings.addMasquerade() elif a.remove_masquerade: settings.removeMasquerade() elif a.query_masquerade: cmd.print_query_result(settings.queryMasquerade()) # forward port elif a.list_forward_ports: l = settings.getForwardPorts() cmd.print_and_exit("\n".join(["port=%s:proto=%s:toport=%s:toaddr=%s" % (port, protocol, toport, toaddr) for (port, protocol, toport, toaddr) in l])) elif a.add_forward_port: cmd.add_sequence(a.add_forward_port, settings.addForwardPort, settings.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") elif a.remove_forward_port: cmd.remove_sequence(a.remove_forward_port, settings.removeForwardPort, settings.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") elif a.query_forward_port: cmd.query_sequence(a.query_forward_port, settings.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") # block icmp elif a.list_icmp_blocks: l = settings.getIcmpBlocks() cmd.print_and_exit(" ".join(l)) elif a.add_icmp_block: cmd.add_sequence(a.add_icmp_block, settings.addIcmpBlock, settings.queryIcmpBlock, None, "'%s'") elif a.remove_icmp_block: cmd.remove_sequence(a.remove_icmp_block, settings.removeIcmpBlock, settings.queryIcmpBlock, None, "'%s'") elif a.query_icmp_block: cmd.query_sequence(a.query_icmp_block, settings.queryIcmpBlock, None, "'%s'") # target elif a.get_target: target = settings.getTarget() cmd.print_and_exit(target) elif a.set_target: settings.setTarget(a.set_target) # set description elif a.set_description: settings = fw.config().getPolicyByName(a.policy).getSettings() settings.setDescription(a.set_description) # get description elif a.get_description: settings = fw.config().getPolicyByName(a.policy).getSettings() cmd.print_and_exit(settings.getDescription()) # set short description elif a.set_short: settings = fw.config().getPolicyByName(a.policy).getSettings() settings.setShort(a.set_short) # get short description elif a.get_short: settings = fw.config().getPolicyByName(a.policy).getSettings() cmd.print_and_exit(settings.getShort()) fw_policy.update(settings) else: if zone == "": zone = fw.getDefaultZone() fw_zone = fw.config().getZoneByName(zone) # interface if a.list_interfaces: interfaces = sorted(set(try_nm_get_interfaces_in_zone(zone)) | set(fw_zone.getInterfaces())) cmd.print_and_exit(" ".join(interfaces)) elif a.get_zone_of_interface: for interface in a.get_zone_of_interface: # ask NM before checking our config zone = try_get_zone_of_interface(interface) if not zone: zone = fw.config().getZoneOfInterface(interface) if zone: if len(a.get_zone_of_interface) > 1: cmd.print_warning("%s: %s" % (interface, zone)) else: cmd.print_and_exit(zone) else: if len(a.get_zone_of_interface) > 1: cmd.print_warning("%s: no zone" % interface) else: cmd.fail("no zone") elif a.change_interface: interfaces = [ ] for interface in a.change_interface: if not try_set_zone_of_interface(zone, interface): interfaces.append(interface) for interface in interfaces: old_zone_name = fw.config().getZoneOfInterface(interface) if old_zone_name != zone: if old_zone_name: old_zone_obj = fw.config().getZoneByName(old_zone_name) old_zone_obj.removeInterface(interface)# remove from old fw_zone.addInterface(interface) # add to new elif a.add_interface: interfaces = [ ] for interface in a.add_interface: if not try_set_zone_of_interface(a.zone, interface): interfaces.append(interface) cmd.add_sequence(interfaces, fw_zone.addInterface, fw_zone.queryInterface, None, "'%s'") elif a.remove_interface: interfaces = [ ] for interface in a.remove_interface: if not try_set_zone_of_interface("", interface): interfaces.append(interface) cmd.remove_sequence(interfaces, fw_zone.removeInterface, fw_zone.queryInterface, None, "'%s'") elif a.query_interface: cmd.query_sequence(a.query_interface, fw_zone.queryInterface, None, "'%s'") # source if a.list_sources: sources = fw_zone.getSources() cmd.print_and_exit(" ".join(sources)) elif a.get_zone_of_source: for source in a.get_zone_of_source: zone = fw.config().getZoneOfSource(source) if zone: if len(a.get_zone_of_source) > 1: cmd.print_warning("%s: %s" % (source, zone)) else: cmd.print_and_exit(zone) else: if len(a.get_zone_of_source) > 1: cmd.print_warning("%s: no zone" % source) else: cmd.fail("no zone") elif a.change_source: for source in a.change_source: old_zone_name = fw.config().getZoneOfSource(source) if old_zone_name != zone: if old_zone_name: old_zone_obj = fw.config().getZoneByName(old_zone_name) old_zone_obj.removeSource(source) # remove from old fw_zone.addSource(source) # add to new elif a.add_source: cmd.add_sequence(a.add_source, fw_zone.addSource, fw_zone.querySource, None, "'%s'") elif a.remove_source: cmd.remove_sequence(a.remove_source, fw_zone.removeSource, fw_zone.querySource, None, "'%s'") elif a.query_source: cmd.query_sequence(a.query_source, fw_zone.querySource, None, "'%s'") # rich rules if a.list_rich_rules: l = fw_zone.getRichRules() cmd.print_and_exit("\n".join(l)) elif a.add_rich_rule: cmd.add_sequence(a.add_rich_rule, fw_zone.addRichRule, fw_zone.queryRichRule, None, "'%s'") elif a.remove_rich_rule: cmd.remove_sequence(a.remove_rich_rule, fw_zone.removeRichRule, fw_zone.queryRichRule, None, "'%s'") elif a.query_rich_rule: cmd.query_sequence(a.query_rich_rule, fw_zone.queryRichRule, None, "'%s'") # service if a.list_services: l = fw_zone.getServices() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_service: cmd.add_sequence(a.add_service, fw_zone.addService, fw_zone.queryService, None, "'%s'") elif a.remove_service: cmd.remove_sequence(a.remove_service, fw_zone.removeService, fw_zone.queryService, None, "'%s'") elif a.query_service: cmd.query_sequence(a.query_service, fw_zone.queryService, None, "'%s'") # port elif a.list_ports: l = fw_zone.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in sorted(l, key=lambda x: (x[1], getPortRange(x[0])[0]))])) elif a.add_port: cmd.add_sequence(a.add_port, fw_zone.addPort, fw_zone.queryPort, cmd.parse_port, "%s/%s") elif a.remove_port: cmd.remove_sequence(a.remove_port, fw_zone.removePort, fw_zone.queryPort, cmd.parse_port, "%s/%s") elif a.query_port: cmd.query_sequence(a.query_port, fw_zone.queryPort, cmd.parse_port, "%s/%s") # protocol elif a.list_protocols: l = fw_zone.getProtocols() cmd.print_and_exit(" ".join(["%s" % protocol for protocol in sorted(l)])) elif a.add_protocol: cmd.add_sequence(a.add_protocol, fw_zone.addProtocol, fw_zone.queryProtocol, None, "'%s'") elif a.remove_protocol: cmd.remove_sequence(a.remove_protocol, fw_zone.removeProtocol, fw_zone.queryProtocol, None, "'%s'") elif a.query_protocol: cmd.query_sequence(a.query_protocol, fw_zone.queryProtocol, None, "'%s'") # source port elif a.list_source_ports: l = fw_zone.getSourcePorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in sorted(l, key=lambda x: (x[1], getPortRange(x[0])[0]))])) elif a.add_source_port: cmd.add_sequence(a.add_source_port, fw_zone.addSourcePort, fw_zone.querySourcePort, cmd.parse_port, "%s/%s") elif a.remove_source_port: cmd.remove_sequence(a.remove_source_port, fw_zone.removeSourcePort, fw_zone.querySourcePort, cmd.parse_port, "%s/%s") elif a.query_source_port: cmd.query_sequence(a.query_source_port, fw_zone.querySourcePort, cmd.parse_port, "%s/%s") # forward elif a.add_forward: fw_zone.addForward() elif a.remove_forward: fw_zone.removeForward() elif a.query_forward: cmd.print_query_result(fw_zone.queryForward()) # masquerade elif a.add_masquerade: fw_zone.addMasquerade() elif a.remove_masquerade: fw_zone.removeMasquerade() elif a.query_masquerade: cmd.print_query_result(fw_zone.queryMasquerade()) # forward port elif a.list_forward_ports: l = fw_zone.getForwardPorts() cmd.print_and_exit("\n".join(["port=%s:proto=%s:toport=%s:toaddr=%s" % (port, protocol, toport, toaddr) for (port, protocol, toport, toaddr) in l])) elif a.add_forward_port: cmd.add_sequence(a.add_forward_port, fw_zone.addForwardPort, fw_zone.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") elif a.remove_forward_port: cmd.remove_sequence(a.remove_forward_port, fw_zone.removeForwardPort, fw_zone.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") elif a.query_forward_port: cmd.query_sequence(a.query_forward_port, fw_zone.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") # block icmp elif a.list_icmp_blocks: l = fw_zone.getIcmpBlocks() cmd.print_and_exit(" ".join(l)) elif a.add_icmp_block: cmd.add_sequence(a.add_icmp_block, fw_zone.addIcmpBlock, fw_zone.queryIcmpBlock, None, "'%s'") elif a.remove_icmp_block: cmd.remove_sequence(a.remove_icmp_block, fw_zone.removeIcmpBlock, fw_zone.queryIcmpBlock, None, "'%s'") elif a.query_icmp_block: cmd.query_sequence(a.query_icmp_block, fw_zone.queryIcmpBlock, None, "'%s'") # icmp block inversion elif a.add_icmp_block_inversion: fw_zone.addIcmpBlockInversion() elif a.remove_icmp_block_inversion: fw_zone.removeIcmpBlockInversion() elif a.query_icmp_block_inversion: cmd.print_query_result(fw_zone.queryIcmpBlockInversion()) # zone target elif a.get_target: target = fw_zone.getTarget() cmd.print_and_exit(target if target != "%%REJECT%%" else "REJECT") elif a.set_target: fw_zone.setTarget(a.set_target if a.set_target != "REJECT" else "%%REJECT%%") # list all zone settings elif a.list_all: interfaces = try_nm_get_interfaces_in_zone(zone) cmd.print_zone_info(zone, fw_zone.getSettings(), extra_interfaces=interfaces) sys.exit(0) # list everything elif a.list_all_zones: names = fw.config().getZoneNames() for zone in sorted(names): interfaces = try_nm_get_interfaces_in_zone(zone) settings = fw.config().getZoneByName(zone).getSettings() cmd.print_zone_info(zone, settings, extra_interfaces=interfaces) cmd.print_msg("") sys.exit(0) # set zone description elif a.set_description: settings = fw.config().getZoneByName(zone).getSettings() settings.setDescription(a.set_description) fw_zone.update(settings) # get zone description elif a.get_description: settings = fw.config().getZoneByName(zone).getSettings() cmd.print_and_exit(settings.getDescription()) # set zone short description elif a.set_short: settings = fw.config().getZoneByName(zone).getSettings() settings.setShort(a.set_short) fw_zone.update(settings) # get zone short description elif a.get_short: settings = fw.config().getZoneByName(zone).getSettings() cmd.print_and_exit(settings.getShort()) elif a.version: cmd.print_and_exit(fw.get_property("version")) elif a.state: state = fw.get_property("state") if state == "RUNNING": cmd.print_and_exit ("running") elif state == "FAILED": cmd.print_and_exit("failed", errors.RUNNING_BUT_FAILED) else: cmd.print_and_exit ("not running", errors.NOT_RUNNING) elif a.get_log_denied: cmd.print_and_exit(fw.getLogDenied()) elif a.set_log_denied: fw.setLogDenied(a.set_log_denied) elif a.get_automatic_helpers: cmd.print_and_exit(fw.getAutomaticHelpers()) elif a.set_automatic_helpers: fw.setAutomaticHelpers(a.set_automatic_helpers) elif a.get_ipset_types: types = fw.get_property("IPSetTypes") cmd.print_and_exit(" ".join(sorted(types))) elif a.reload: fw.reload() elif a.complete_reload: fw.complete_reload() elif a.runtime_to_permanent: fw.runtimeToPermanent() elif a.check_config: fw.checkPermanentConfig() elif a.direct: if a.passthrough: if len(a.passthrough) < 2: cmd.fail("usage: --direct --passthrough { ipv4 | ipv6 | eb } <args>") msg = fw.passthrough(cmd.check_ipv(a.passthrough[0]), splitArgs(a.passthrough[1])) if msg: sys.stdout.write(msg + "\n") elif a.add_passthrough: if len(a.add_passthrough) < 2: cmd.fail("usage: --direct --add-passthrough { ipv4 | ipv6 | eb } <args>") fw.addPassthrough(cmd.check_ipv(a.add_passthrough[0]), splitArgs(a.add_passthrough[1])) elif a.remove_passthrough: if len(a.remove_passthrough) < 2: cmd.fail("usage: --direct --remove-passthrough { ipv4 | ipv6 | eb } <args>") fw.removePassthrough(cmd.check_ipv(a.remove_passthrough[0]), splitArgs(a.remove_passthrough[1])) elif a.query_passthrough: if len(a.query_passthrough) < 2: cmd.fail("usage: --direct --query-passthrough { ipv4 | ipv6 | eb } <args>") cmd.print_query_result( fw.queryPassthrough(cmd.check_ipv(a.query_passthrough[0]), splitArgs(a.query_passthrough[1]))) elif a.get_passthroughs: rules = fw.getPassthroughs(cmd.check_ipv(a.get_passthroughs[0])) for rule in rules: cmd.print_msg(joinArgs(rule)) sys.exit(0) elif a.get_all_passthroughs: for (ipv, rule) in fw.getAllPassthroughs(): cmd.print_msg("%s %s" % (ipv, joinArgs(rule))) sys.exit(0) elif a.add_chain: fw.addChain(cmd.check_ipv(a.add_chain[0]), a.add_chain[1], a.add_chain[2]) elif a.remove_chain: fw.removeChain(cmd.check_ipv(a.remove_chain[0]), a.remove_chain[1], a.remove_chain[2]) elif a.query_chain: cmd.print_query_result(fw.queryChain(cmd.check_ipv(a.query_chain[0]), a.query_chain[1], a.query_chain[2])) elif a.get_chains: cmd.print_and_exit(" ".join(fw.getChains(cmd.check_ipv(a.get_chains[0]), a.get_chains[1]))) elif a.get_all_chains: chains = fw.getAllChains() for (ipv, table, chain) in chains: cmd.print_msg("%s %s %s" % (ipv, table, chain)) sys.exit(0) elif a.add_rule: if len(a.add_rule) < 5: cmd.fail("usage: --direct --add-rule { ipv4 | ipv6 | eb } <table> <chain> <priority> <args>") try: priority = int(a.add_rule[3]) except ValueError: cmd.fail("usage: --direct --add-rule { ipv4 | ipv6 | eb } <table> <chain> <priority> <args>") fw.addRule(cmd.check_ipv(a.add_rule[0]), a.add_rule[1], a.add_rule[2], priority, splitArgs(a.add_rule[4])) elif a.remove_rule: if len(a.remove_rule) < 5: cmd.fail("usage: --direct --remove-rule { ipv4 | ipv6 | eb } <table> <chain> <priority> <args>") try: priority = int(a.remove_rule[3]) except ValueError: cmd.fail("usage: --direct --remove-rule { ipv4 | ipv6 | eb } <table> <chain> <priority> <args>") fw.removeRule(cmd.check_ipv(a.remove_rule[0]), a.remove_rule[1], a.remove_rule[2], priority, splitArgs(a.remove_rule[4])) elif a.remove_rules: if len(a.remove_rules) < 3: cmd.fail("usage: --direct --remove-rules { ipv4 | ipv6 | eb } <table> <chain>") fw.removeRules(cmd.check_ipv(a.remove_rules[0]), a.remove_rules[1], a.remove_rules[2]) elif a.query_rule: if len(a.query_rule) < 5: cmd.fail("usage: --direct --query-rule { ipv4 | ipv6 | eb } <table> <chain> <priority> <args>") try: priority = int(a.query_rule[3]) except ValueError: cmd.fail("usage: --direct --query-rule { ipv4 | ipv6 | eb } <table> <chain> <priority> <args>") cmd.print_query_result( fw.queryRule(cmd.check_ipv(a.query_rule[0]), a.query_rule[1], a.query_rule[2], priority, splitArgs(a.query_rule[4]))) elif a.get_rules: rules = fw.getRules(cmd.check_ipv(a.get_rules[0]), a.get_rules[1], a.get_rules[2]) for (priority, rule) in rules: cmd.print_msg("%d %s" % (priority, joinArgs(rule))) sys.exit(0) elif a.get_all_rules: rules = fw.getAllRules() for (ipv, table, chain, priority, rule) in rules: cmd.print_msg("%s %s %s %d %s" % (ipv, table, chain, priority, joinArgs(rule))) sys.exit(0) elif a.get_default_zone: cmd.print_and_exit(fw.getDefaultZone()) elif a.set_default_zone: fw.setDefaultZone(a.set_default_zone) elif a.get_zones: cmd.print_and_exit(" ".join(fw.getZones())) elif a.get_active_zones: zones = fw.getActiveZones() for zone in zones: cmd.print_msg("%s" % zone) for x in [ "interfaces", "sources" ]: if x in zones[zone]: cmd.print_msg(" %s: %s" % (x, " ".join(zones[zone][x]))) sys.exit(0) elif a.get_policies: cmd.print_and_exit(" ".join(fw.getPolicies())) elif a.get_active_policies: policies = fw.getActivePolicies() for policy in policies: cmd.print_msg("%s" % policy) for x in [ "ingress_zones", "egress_zones" ]: if x in policies[policy]: cmd.print_msg(" %s: %s" % (x.replace("_", "-"), " ".join(policies[policy][x]))) sys.exit(0) elif a.get_services: l = fw.listServices() cmd.print_and_exit(" ".join(l)) elif a.get_icmptypes: l = fw.listIcmpTypes() cmd.print_and_exit(" ".join(l)) # panic elif a.panic_on: fw.enablePanicMode() elif a.panic_off: fw.disablePanicMode() elif a.query_panic: cmd.print_query_result(fw.queryPanicMode()) # ipset elif a.get_ipsets: ipsets = fw.getIPSets() cmd.print_and_exit(" ".join(sorted(ipsets))) elif a.info_ipset: cmd.print_ipset_info(a.info_ipset, fw.getIPSetSettings(a.info_ipset)) sys.exit(0) elif a.add_entry: cmd.x_add_sequence(a.ipset, a.add_entry, fw.addEntry, fw.queryEntry, None, "'%s'") elif a.remove_entry: cmd.x_remove_sequence(a.ipset, a.remove_entry, fw.removeEntry, fw.queryEntry, None, "'%s'") elif a.query_entry: cmd.x_query_sequence(a.ipset, a.query_entry, fw.queryEntry, None, "'%s'") elif a.get_entries: l = fw.getEntries(a.ipset) cmd.print_and_exit("\n".join(l)) elif a.add_entries_from_file: old_entries = fw.getEntries(a.ipset) changed = False for filename in a.add_entries_from_file: try: entries = cmd.get_ipset_entries_from_file(filename) except IOError as msg: message = "Failed to read file '%s': %s" % (filename, msg) if len(a.add_entries_from_file) > 1: cmd.print_warning(message) else: cmd.print_and_exit(message) else: entries_set = set() for entry in old_entries: entries_set.add(entry) for entry in entries: if entry not in entries_set: old_entries.append(entry) entries_set.add(entry) changed = True else: cmd.print_if_verbose("Warning: ALREADY_ENABLED: %s" % entry) if changed: fw.setEntries(a.ipset, old_entries) elif a.remove_entries_from_file: old_entries = fw.getEntries(a.ipset) changed = False for filename in a.remove_entries_from_file: try: entries = cmd.get_ipset_entries_from_file(filename) except IOError as msg: message = "Failed to read file '%s': %s" % (filename, msg) if len(a.remove_entries_from_file) > 1: cmd.print_warning(message) else: cmd.print_and_exit(message) else: entries_set = set() for entry in old_entries: entries_set.add(entry) for entry in entries: if entry in entries_set: old_entries.remove(entry) entries_set.discard(entry) changed = True else: cmd.print_if_verbose("Warning: NOT_ENABLED: %s" % entry) if changed: fw.setEntries(a.ipset, old_entries) # helper elif a.get_helpers: helpers = fw.getHelpers() cmd.print_and_exit(" ".join(sorted(helpers))) elif a.info_helper: cmd.print_helper_info(a.info_helper, fw.getHelperSettings(a.info_helper)) sys.exit(0) # lockdown elif a.lockdown_on: fw.config().set_property("Lockdown", "yes") # permanent fw.enableLockdown() # runtime elif a.lockdown_off: fw.config().set_property("Lockdown", "no") # permanent fw.disableLockdown() # runtime elif a.query_lockdown: cmd.print_query_result(fw.queryLockdown()) # runtime #lockdown = fw.config().get_property("Lockdown") #cmd.print_query_result(lockdown.lower() in [ "yes", "true" ]) # lockdown whitelist # commands elif a.list_lockdown_whitelist_commands: l = fw.getLockdownWhitelistCommands() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_command: cmd.add_sequence(a.add_lockdown_whitelist_command, fw.addLockdownWhitelistCommand, fw.queryLockdownWhitelistCommand, None, "'%s'") elif a.remove_lockdown_whitelist_command: cmd.remove_sequence(a.remove_lockdown_whitelist_command, fw.removeLockdownWhitelistCommand, fw.queryLockdownWhitelistCommand, None, "'%s'") elif a.query_lockdown_whitelist_command: cmd.query_sequence(a.query_lockdown_whitelist_command, fw.queryLockdownWhitelistCommand, None, "'%s'") # contexts elif a.list_lockdown_whitelist_contexts: l = fw.getLockdownWhitelistContexts() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_context: cmd.add_sequence(a.add_lockdown_whitelist_context, fw.addLockdownWhitelistContext, fw.queryLockdownWhitelistContext, None, "'%s'") elif a.remove_lockdown_whitelist_context: cmd.remove_sequence(a.remove_lockdown_whitelist_context, fw.removeLockdownWhitelistContext, fw.queryLockdownWhitelistContext, None, "'%s'") elif a.query_lockdown_whitelist_context: cmd.query_sequence(a.query_lockdown_whitelist_context, fw.queryLockdownWhitelistContext, None, "'%s'") # uids elif a.list_lockdown_whitelist_uids: l = fw.getLockdownWhitelistUids() cmd.print_and_exit(" ".join(map(str, l))) elif a.add_lockdown_whitelist_uid is not None: cmd.add_sequence(a.add_lockdown_whitelist_uid, fw.addLockdownWhitelistUid, fw.queryLockdownWhitelistUid, None, "'%s'") elif a.remove_lockdown_whitelist_uid is not None: cmd.remove_sequence(a.remove_lockdown_whitelist_uid, fw.removeLockdownWhitelistUid, fw.queryLockdownWhitelistUid, None, "'%s'") elif a.query_lockdown_whitelist_uid is not None: cmd.query_sequence(a.query_lockdown_whitelist_uid, fw.queryLockdownWhitelistUid, None, "'%s'") # users elif a.list_lockdown_whitelist_users: l = fw.getLockdownWhitelistUsers() cmd.print_and_exit(" ".join(l)) elif a.add_lockdown_whitelist_user: cmd.add_sequence(a.add_lockdown_whitelist_user, fw.addLockdownWhitelistUser, fw.queryLockdownWhitelistUser, None, "'%s'") elif a.remove_lockdown_whitelist_user: cmd.remove_sequence(a.remove_lockdown_whitelist_user, fw.removeLockdownWhitelistUser, fw.queryLockdownWhitelistUser, None, "'%s'") elif a.query_lockdown_whitelist_user: cmd.query_sequence(a.query_lockdown_whitelist_user, fw.queryLockdownWhitelistUser, None, "'%s'") # interface elif a.list_interfaces: l = fw.getInterfaces(zone) cmd.print_and_exit(" ".join(l)) elif a.get_zone_of_interface: for interface in a.get_zone_of_interface: zone = fw.getZoneOfInterface(interface) if zone: if len(a.get_zone_of_interface) > 1: cmd.print_warning("%s: %s" % (interface, zone)) else: cmd.print_and_exit(zone) else: if len(a.get_zone_of_interface) > 1: cmd.print_warning("%s: no zone" % interface) else: cmd.fail("no zone") elif a.add_interface: interfaces = [ ] for interface in a.add_interface: interfaces.append(interface) cmd.x_add_sequence(zone, interfaces, fw.addInterface, fw.queryInterface, None, "'%s'") elif a.change_interface: interfaces = [ ] for interface in a.change_interface: interfaces.append(interface) cmd.x_add_sequence(zone, interfaces, fw.changeZoneOfInterface, fw.queryInterface, None, "'%s'") elif a.remove_interface: interfaces = [ ] for interface in a.remove_interface: interfaces.append(interface) cmd.x_remove_sequence(zone, interfaces, fw.removeInterface, fw.queryInterface, None, "'%s'") elif a.query_interface: cmd.x_query_sequence(zone, a.query_interface, fw.queryInterface, None, "'%s'") # source elif a.list_sources: sources = fw.getSources(zone) cmd.print_and_exit(" ".join(sources)) elif a.get_zone_of_source: for source in a.get_zone_of_source: zone = fw.getZoneOfSource(source) if zone: if len(a.get_zone_of_source) > 1: cmd.print_warning("%s: %s" % (source, zone)) else: cmd.print_and_exit(zone) else: if len(a.get_zone_of_source) > 1: cmd.print_warning("%s: no zone" % source) else: cmd.fail("no zone") sys.exit(0) elif a.add_source: cmd.x_add_sequence(zone, a.add_source, fw.addSource, fw.querySource, None, "'%s'") elif a.change_source: cmd.x_add_sequence(zone, a.change_source, fw.changeZoneOfSource, fw.querySource, None, "'%s'") elif a.remove_source: cmd.x_remove_sequence(zone, a.remove_source, fw.removeSource, fw.querySource, None, "'%s'") elif a.query_source: cmd.x_query_sequence(zone, a.query_source, fw.querySource, None, "'%s'") # policy elif a.policy: settings = fw.getPolicySettings(a.policy) if a.list_all: cmd.print_policy_info(a.policy, settings) sys.exit(0) # ingress zones elif a.list_ingress_zones: l = settings.getIngressZones() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_ingress_zone: cmd.add_sequence(a.add_ingress_zone, settings.addIngressZone, settings.queryIngressZone, None, "'%s'") elif a.remove_ingress_zone: cmd.remove_sequence(a.remove_ingress_zone, settings.removeIngressZone, settings.queryIngressZone, None, "'%s'") elif a.query_ingress_zone: cmd.query_sequence(a.query_ingress_zone, settings.queryIngressZone, None, "'%s'") # egress zones elif a.list_egress_zones: l = settings.getEgressZones() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_egress_zone: cmd.add_sequence(a.add_egress_zone, settings.addEgressZone, settings.queryEgressZone, None, "'%s'") elif a.remove_egress_zone: cmd.remove_sequence(a.remove_egress_zone, settings.removeEgressZone, settings.queryEgressZone, None, "'%s'") elif a.query_egress_zone: cmd.query_sequence(a.query_egress_zone, settings.queryEgressZone, None, "'%s'") # rich rules elif a.list_rich_rules: l = settings.getRichRules() cmd.print_and_exit("\n".join(l)) elif a.add_rich_rule: cmd.add_sequence(a.add_rich_rule, settings.addRichRule, settings.queryRichRule, None, "'%s'") elif a.remove_rich_rule: cmd.remove_sequence(a.remove_rich_rule, settings.removeRichRule, settings.queryRichRule, None, "'%s'") elif a.query_rich_rule: cmd.query_sequence(a.query_rich_rule, settings.queryRichRule, None, "'%s'") # service if a.list_services: l = settings.getServices() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_service: cmd.add_sequence(a.add_service, settings.addService, settings.queryService, None, "'%s'") elif a.remove_service: cmd.remove_sequence(a.remove_service, settings.removeService, settings.queryService, None, "'%s'") elif a.query_service: cmd.query_sequence(a.query_service, settings.queryService, None, "'%s'") # port elif a.list_ports: l = settings.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in sorted(l, key=lambda x: (x[1], getPortRange(x[0])[0]))])) elif a.add_port: cmd.add_sequence(a.add_port, settings.addPort, settings.queryPort, cmd.parse_port, "%s/%s") elif a.remove_port: cmd.remove_sequence(a.remove_port, settings.removePort, settings.queryPort, cmd.parse_port, "%s/%s") elif a.query_port: cmd.query_sequence(a.query_port, settings.queryPort, cmd.parse_port, "%s/%s") # protocol elif a.list_protocols: l = settings.getProtocols() cmd.print_and_exit(" ".join(["%s" % protocol for protocol in sorted(l)])) elif a.add_protocol: cmd.add_sequence(a.add_protocol, settings.addProtocol, settings.queryProtocol, None, "'%s'") elif a.remove_protocol: cmd.remove_sequence(a.remove_protocol, settings.removeProtocol, settings.queryProtocol, None, "'%s'") elif a.query_protocol: cmd.query_sequence(a.query_protocol, settings.queryProtocol, None, "'%s'") # source port elif a.list_source_ports: l = settings.getSourcePorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in sorted(l, key=lambda x: (x[1], getPortRange(x[0])[0]))])) elif a.add_source_port: cmd.add_sequence(a.add_source_port, settings.addSourcePort, settings.querySourcePort, cmd.parse_port, "%s/%s") elif a.remove_source_port: cmd.remove_sequence(a.remove_source_port, settings.removeSourcePort, settings.querySourcePort, cmd.parse_port, "%s/%s") elif a.query_source_port: cmd.query_sequence(a.query_source_port, settings.querySourcePort, cmd.parse_port, "%s/%s") # masquerade elif a.add_masquerade: settings.addMasquerade() elif a.remove_masquerade: settings.removeMasquerade() elif a.query_masquerade: cmd.print_query_result(settings.queryMasquerade()) # forward port elif a.list_forward_ports: l = settings.getForwardPorts() cmd.print_and_exit("\n".join(["port=%s:proto=%s:toport=%s:toaddr=%s" % (port, protocol, toport, toaddr) for (port, protocol, toport, toaddr) in l])) elif a.add_forward_port: cmd.add_sequence(a.add_forward_port, settings.addForwardPort, settings.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") elif a.remove_forward_port: cmd.remove_sequence(a.remove_forward_port, settings.removeForwardPort, settings.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") elif a.query_forward_port: cmd.query_sequence(a.query_forward_port, settings.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") # block icmp elif a.list_icmp_blocks: l = settings.getIcmpBlocks() cmd.print_and_exit(" ".join(l)) elif a.add_icmp_block: cmd.add_sequence(a.add_icmp_block, settings.addIcmpBlock, settings.queryIcmpBlock, None, "'%s'") elif a.remove_icmp_block: cmd.remove_sequence(a.remove_icmp_block, settings.removeIcmpBlock, settings.queryIcmpBlock, None, "'%s'") elif a.query_icmp_block: cmd.query_sequence(a.query_icmp_block, settings.queryIcmpBlock, None, "'%s'") fw.setPolicySettings(a.policy, settings) # endif a.policy # # else zone: # rich rules elif a.list_rich_rules: l = fw.getRichRules(zone) cmd.print_and_exit("\n".join(l)) elif a.add_rich_rule: cmd.zone_add_timeout_sequence(zone, a.add_rich_rule, fw.addRichRule, fw.queryRichRule, None, "'%s'", a.timeout) elif a.remove_rich_rule: cmd.x_remove_sequence(zone, a.remove_rich_rule, fw.removeRichRule, fw.queryRichRule, None, "'%s'") elif a.query_rich_rule: cmd.x_query_sequence(zone, a.query_rich_rule, fw.queryRichRule, None, "'%s'") # service elif a.list_services: l = fw.getServices(zone) cmd.print_and_exit(" ".join(sorted(l))) elif a.add_service: cmd.zone_add_timeout_sequence(zone, a.add_service, fw.addService, fw.queryService, None, "'%s'", a.timeout) elif a.remove_service: cmd.x_remove_sequence(zone, a.remove_service, fw.removeService, fw.queryService, None, "'%s'") elif a.query_service: cmd.x_query_sequence(zone, a.query_service, fw.queryService, None, "'%s'") # port elif a.list_ports: l = fw.getPorts(zone) cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in sorted(l, key=lambda x: (x[1], getPortRange(x[0])[0]))])) elif a.add_port: cmd.zone_add_timeout_sequence(zone, a.add_port, fw.addPort, fw.queryPort, cmd.parse_port, "'%s/%s'", a.timeout) elif a.remove_port: cmd.x_remove_sequence(zone, a.remove_port, fw.removePort, fw.queryPort, cmd.parse_port, "'%s/%s'") elif a.query_port: cmd.x_query_sequence(zone, a.query_port, fw.queryPort, cmd.parse_port, "'%s/%s'") # protocol elif a.list_protocols: l = fw.getProtocols(zone) cmd.print_and_exit(" ".join(["%s" % protocol for protocol in sorted(l)])) elif a.add_protocol: cmd.zone_add_timeout_sequence(zone, a.add_protocol, fw.addProtocol, fw.queryProtocol, None, "'%s'", a.timeout) elif a.remove_protocol: cmd.x_remove_sequence(zone, a.remove_protocol, fw.removeProtocol, fw.queryProtocol, None, "'%s'") elif a.query_protocol: cmd.x_query_sequence(zone, a.query_protocol, fw.queryProtocol, None, "'%s'") # source port elif a.list_source_ports: l = fw.getSourcePorts(zone) cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in sorted(l, key=lambda x: (x[1], getPortRange(x[0])[0]))])) elif a.add_source_port: cmd.zone_add_timeout_sequence(zone, a.add_source_port, fw.addSourcePort, fw.querySourcePort, cmd.parse_port, "'%s/%s'", a.timeout) elif a.remove_source_port: cmd.x_remove_sequence(zone, a.remove_source_port, fw.removeSourcePort, fw.querySourcePort, cmd.parse_port, "'%s/%s'") elif a.query_source_port: cmd.x_query_sequence(zone, a.query_source_port, fw.querySourcePort, cmd.parse_port, "'%s/%s'") # forward elif a.add_forward: fw.addForward(zone) elif a.remove_forward: fw.removeForward(zone) elif a.query_forward: cmd.print_query_result(fw.queryForward(zone)) # masquerade elif a.add_masquerade: fw.addMasquerade(zone, a.timeout) elif a.remove_masquerade: fw.removeMasquerade(zone) elif a.query_masquerade: cmd.print_query_result(fw.queryMasquerade(zone)) # forward port elif a.list_forward_ports: l = fw.getForwardPorts(zone) cmd.print_and_exit("\n".join(["port=%s:proto=%s:toport=%s:toaddr=%s" % (port, protocol, toport, toaddr) for (port, protocol, toport, toaddr) in l])) elif a.add_forward_port: cmd.zone_add_timeout_sequence(zone, a.add_forward_port, fw.addForwardPort, fw.queryForwardPort, cmd.parse_forward_port, "'port=%s:proto=%s:toport=%s:toaddr=%s'", a.timeout) elif a.remove_forward_port: cmd.x_remove_sequence(zone, a.remove_forward_port, fw.removeForwardPort, fw.queryForwardPort, cmd.parse_forward_port, "'port=%s:proto=%s:toport=%s:toaddr=%s'") elif a.query_forward_port: cmd.x_query_sequence(zone, a.query_forward_port, fw.queryForwardPort, cmd.parse_forward_port, "'port=%s:proto=%s:toport=%s:toaddr=%s'") # block icmp elif a.list_icmp_blocks: l = fw.getIcmpBlocks(zone) cmd.print_and_exit(" ".join(l)) elif a.add_icmp_block: cmd.zone_add_timeout_sequence(zone, a.add_icmp_block, fw.addIcmpBlock, fw.queryIcmpBlock, None, "'%s'", a.timeout) elif a.remove_icmp_block: cmd.x_remove_sequence(zone, a.remove_icmp_block, fw.removeIcmpBlock, fw.queryIcmpBlock, None, "'%s'") elif a.query_icmp_block: cmd.x_query_sequence(zone, a.query_icmp_block, fw.queryIcmpBlock, None, "'%s'") # icmp block inversion elif a.add_icmp_block_inversion: fw.addIcmpBlockInversion(zone) elif a.remove_icmp_block_inversion: fw.removeIcmpBlockInversion(zone) elif a.query_icmp_block_inversion: cmd.print_query_result(fw.queryIcmpBlockInversion(zone)) # list all elif a.list_all: z = zone if zone else fw.getDefaultZone() cmd.print_zone_info(z, fw.getZoneSettings(z)) sys.exit(0) # list everything elif a.list_all_zones: for zone in fw.getZones(): cmd.print_zone_info(zone, fw.getZoneSettings(zone)) cmd.print_msg("") sys.exit(0) elif a.list_all_policies: for policy in fw.getPolicies(): cmd.print_policy_info(policy, fw.getPolicySettings(policy)) cmd.print_msg("") sys.exit(0) elif a.info_zone: cmd.print_zone_info(a.info_zone, fw.getZoneSettings(a.info_zone), True) sys.exit(0) elif a.info_policy: cmd.print_policy_info(a.info_policy, fw.getPolicySettings(a.info_policy)) sys.exit(0) elif a.info_service: cmd.print_service_info(a.info_service, fw.getServiceSettings(a.info_service)) sys.exit(0) elif a.info_icmptype: cmd.print_icmptype_info(a.info_icmptype, fw.getIcmpTypeSettings(a.info_icmptype)) sys.exit(0) cmd.print_and_exit("success")
Upload File
Create Folder