fc70c78 New firewall support class in ipatests/pytest_ipa/integration/firewall

Authored and Committed by twoerner 5 years ago
    New firewall support class in ipatests/pytest_ipa/integration/firewall
    
    The new Firewall class provides methods to enable and disable a service,
    service lists and also methods to apply a passthrough rule, also to add,
    prepend and also remove a list of passthrough rules:
    
    class Firewall
        __init__(host)
            Initialize with host where firewall changes should be applied
            Unmasks, enables and starts firewalld
    
        enable_service(service)
            Enable firewall service in firewalld runtime and permanent
            environment
    
        disable_service(service)
            Disable firewall service in firewalld runtime and permanent
            environment
    
        enable_services(services)
            Enable list of firewall services in firewalld runtime and
            permanent environment
    
        disable_services(services)
            Disable list of firewall services in firewalld runtime and
            permanent environment
    
        passthrough_rule(rule, ipv=None)
            Generic method to get direct passthrough rules to firewalld
            rule is an ip[6]tables rule without using the ip[6]tables command.
            The rule will per default be added to the IPv4 and IPv6 firewall.
            If there are IP version specific parts in the rule, please make
            sure that ipv is set properly.
            The rule is added to the direct sub chain of the chain that is
            used in the rule
    
        add_passthrough_rules(rules, ipv=None)
            Add passthrough rules to the end of the chain
            rules is a list of ip[6]tables rules, where the first entry of each
            rule is the chain. No --append/-A, --delete/-D should be added
            before the chain name, because these are added by the method.
            If there are IP version specific parts in the rule, please make
            sure that ipv is set to either ipv4 or ipv6.
    
        prepend_passthrough_rules(rules, ipv=None)
            Insert passthrough rules starting at position 1 as a block
            rules is a list of ip[6]tables rules, where the first entry of each
            rule is the chain. No --append/-A, --delete/-D should be added
            before the chain name, because these are added by the method.
            If there are IP version specific parts in the rule, please make
            sure that ipv is set to either ipv4 or ipv6.
    
        remove_passthrough_rules(rules, ipv=None)
            Remove passthrough rules
            rules is a list of ip[6]tables rules, where the first entry of each
            rule is the chain. No --append/-A, --delete/-D should be added
            before the chain name, because these are added by the method.
            If there are IP version specific parts in the rule, please make
            sure that ipv is set to either ipv4 or ipv6.
    
    See: https://pagure.io/freeipa/issue/7755
    Signed-off-by: Thomas Woerner <twoerner@redhat.com>
    Reviewed-By: Christian Heimes <cheimes@redhat.com>
    Reviewed-By: Armando Neto <abiagion@redhat.com>
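
An added sketch, not FreeIPA's code, of how the three list methods described in the commit message could turn rules into `firewall-cmd --direct --passthrough` invocations. The function name `passthrough_cmds`, the sample rules and the use of `-I <chain> <position>` for block prepending are assumptions; the direct sub chain handling mentioned for `passthrough_rule` is not modelled.

```python
import shlex

IP_VERSIONS = ("ipv4", "ipv6")


def _versions(ipv):
    """ipv=None means both firewalls, as the commit message describes."""
    if ipv is None:
        return IP_VERSIONS
    if ipv not in IP_VERSIONS:
        raise ValueError("ipv must be 'ipv4', 'ipv6' or None, got %r" % (ipv,))
    return (ipv,)


def passthrough_cmds(action, rules, ipv=None):
    """Build argv lists for 'append', 'prepend' or 'remove' (hypothetical helper).

    Each rule starts with the chain name; the -A/-I/-D action is added here,
    so a rule that already carries one is rejected instead of being passed on.
    """
    cmds = []
    for pos, rule in enumerate(rules, start=1):
        parts = shlex.split(rule) if isinstance(rule, str) else list(rule)
        if not parts or parts[0].startswith("-"):
            raise ValueError("rule must start with the chain name: %r" % (rule,))
        chain, rest = parts[0], parts[1:]
        if action == "append":
            args = ["-A", chain] + rest
        elif action == "prepend":
            # Positions 1, 2, 3, ... keep the block in the order given.
            args = ["-I", chain, str(pos)] + rest
        elif action == "remove":
            args = ["-D", chain] + rest
        else:
            raise ValueError("unknown action %r" % (action,))
        for version in _versions(ipv):
            cmds.append(["firewall-cmd", "--direct", "--passthrough", version] + args)
    return cmds


# Constructed sample rules: reject LDAP and LDAPS on the INPUT chain.
SAMPLE_RULES = [
    ["INPUT", "-p", "tcp", "--dport", "389", "-j", "REJECT"],
    "INPUT -p tcp --dport 636 -j REJECT",
]

if __name__ == "__main__":
    for argv in passthrough_cmds("prepend", SAMPLE_RULES):
        print(" ".join(argv))
```

Running the block prints the four commands a block prepend would issue for both IP versions; nothing is executed against firewalld.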